The Equifax hack announced in September exposed the personal information of 143 million Americans. That’s nearly every credit card holder in the country.
Consumers are worried—rightly so—about whether their finances and credit will be impacted by this massive breach. Merchants, however, may end up paying the steepest price.
The volume of the data exposed means fraud risk will be heightened for many years to come.
We’re likely to see more fraud attempts than ever as criminals use stolen information to make fraudulent transactions, a practice known as clean fraud. They might also engage in synthetic fraud, where partial data like social security numbers and addresses are combined to create “fake” consumers.
No matter the method, merchants ultimately pay the price. This usually takes the form of a chargeback, which means the merchant loses the sales revenue, any merchandise shipped and the cost of shipping as well as the interchange fees. That’s not to mention the fees assessed by acquirers for processing chargebacks, and the long-term threats to the business’s sustainability.
It’s hard to say. We will see increased chargebacks, but trying to determine exactly how much of that increase was part of the preexisting trend may not be possible.
Chargebacks tend to occur between 45-60 days after a transaction. As mentioned, though, the Equifax hack could send out shock waves in the payments industry for many years. Disputes are difficult to attribute to a specific catalyst like criminal fraud under typical conditions, and the scope of this incident will make it significantly harder.
Then you need to consider consumer behavior. High-profile hacks come along with heightened customer anxiety, and more vigilant cardholders are more likely to dispute anything they suspect might be fraud.
We’ve seen hacks before, but not really on such a massive scale, with most American adults impacted. Above all, the Equifax hack leaves us with a lot of uncertainty.
The only solution is to take a multilayered approach. Merchants need to combine complimentary strategies and techniques to try and identify and intercept as many criminal fraud attacks as possible. These should include address verification, card security code (CVV2/CVC2) verification and device authentication.
Another very important and easy-to-adopt tool is two-factor authentication. Mobile payment platforms like Apple Pay and Samsung Pay have this built in; the user must first unlock the device, then use a biometric scan to authorize payment.
Remember though: even with these tools and strategies in place, there is still no foolproof way to prevent fraud and chargebacks. Post-hack, all merchants need to be more diligent than ever about defending their revenue from attacks.