Yesterday, news broke that a file containing detailed personal information on 200 million Americans was stored on an unprotected server by a political contractor. The travails of Yahoo and its half a billion stolen records have been well documented. Breaches like these, focused on personal information, recently have shifted the focus of card-not-present fraud professionals toward new kinds of fraud based on personal information: account takeover, account creation and synthetic fraud.
A new report from Trustwave, however, serves as a warning: credit card data is still being stolen at a high rate and used against merchants. In fact, according to the company’s 2017 Global Security Report, 63 percent of all investigated incidents targeted payment card data (33 percent targeted card track data, mainly from POS environments and 30 percent sought card-not-present data with e-commerce retailers as the main target).
While there was good news for online merchants—only 26 percent of all network breaches affected the e-commerce environment compared to 38 percent in 2015—it came at the expense of their bricks-and-mortar brethren. The POS was the source of 31 percent of security compromises in 2016, compared to 22 percent in 2015. Overall, retail accounted for the most intrusions (22 percent) in 2016, followed by food and beverage (16 percent).
Another piece of good news in the report: the median number of days from an intrusion to detection fell from 80.5 days in 2015 to 49 days last year.