The Equifax Breach and Your Business—What You Need to Know and Why it Affects You
In early September, Equifax announced that it suffered one of the largest security breaches in U.S. history, putting the sensitive information of nearly 143 million Americans at risk.
As one of the three major credit monitoring and reporting entities, this organization is tasked with tracking and rating the financial history of consumers. Their reports contribute to crucial financial decisions. For example, if you want to purchase a home or a car, your lender will pull your credit report from one of the three institutions, including Equifax. 
Even the interest rate your bank gives you on your credit card is based off of their reporting. As such, Equifax has access to the ultimate cache of personal information about you, including your name, social security number, date of birth, address, credit card number, and possibly even your driver’s license number. The depth of their information about consumers has fallen into the hands of hackers who have everything they need to preform nearly effortless acts of fraud.
As a consumer yourself, you know the stress and feelings of uncertainty that come when these data breaches occur. However, the complexity of this breach is creating new legal questions, while financial experts warn that the impact could last for decades. For example, consumers are being urged to sign up for Equifax’s free credit monitoring program, but buried in the fine print lies provisions that those affected by the breach somewhat waive certain legal rights for litigation. Overall, this situation has put millions at risk, and many will find their information sold on the dark web and their financial solvency jeopardized.
While this situation affects so many of us on a personal level, as a business owner, you need to be concerned both about your own secure payment processing, and the ways you can protect both yourself and your customers in the years to come. However, before we consider fraud impact post-breach, let’s take a look at how skyrocketing fraud is affecting commerce. An organization specializing in data analytics, LexisNexis Risk Solutions, recently published a study titled, 2017 LexisNexis True Cost of Fraud. It looked at fraud, attempted fraud, digital sales versus physical, and even retailer size. It found, after surveying nearly 1200 risk and fraud managers, nearly one-third of all monthly retail transactions, and 43% of monthly e-commerce transactions, involve attempted fraud, with those numbers expected to increase during the holiday season. Mid-size and larger retailers reported greater risk, but one of the most concerning findings was the true cost of fraud per dollar. The study reported that fraud cost companies $2.66 for every dollar of fraud loss, which is clearly more than the cost of the merchandise lost. The reason? Added costs include chargebacks, fees, lost interest, and merchandise replacement and redistribution. For primarily e-commerce based companies, the cost per dollar of fraud balloons 31% to $3.48, highlighting the concerns for transaction security in e-commerce. Additionally, we all know that there could be effects for which this study cannot account, such as the loss of customer trust, bad publicity or gossip, and loss of business from customers turned victims.
As you can see from these figures, fraud costs are already affecting the health of both businesses and consumers, which is why the Equifax breach is so concerning. The sheer scope of both the people and the amount of data compromised is almost sure to create even greater issues and risk. While no one can guarantee that your business will be 100% immune to fraud, you can look more closely at credit card processing risk management solutions and ensure that you are following the most up-to-date industry best practices. The risk of fees and chargebacks alone, which can threaten the standing of your merchant account, should provide enough motivation to help you take a hard look at credit card transaction security. However, your approach needs to be tailored to the type of business you run:
Brick-and-Mortar
- If you have not upgraded to EMV chip processing, the breach should give you the motivation you need. The cost of fraud will be much higher for you, because the banks no longer have to assume the liability for your failure to adhere to industry regulations and best practices. While you may have to invest in new equipment and software upgrades, the risk of not doing so could sink your business with the expected rise in retail fraud.
- Focus on being safe in every transaction. For ALL credit transactions, ask for a picture ID. These signature-based transactions are the most-used method because they can count on rushed retailers to skip this simple step.
- If someone is making a large purchase, remind them of your return policy and enforce it consistently. Many thieves make fraudulent purchases and return the items quickly for cash.
E-Commerce
- Start by collaborating with your merchant account provider. Check and see that your systems and equipment are up to date, and that you are following best practices.
- Understand PCI compliance, and work with your provider to ensure that you achieve and maintain this standard.
- Know the warning signs, such as multiple orders placed by the same person using different credit cards, phone numbers that do not match the area code of the billing address, big spenders who order large quantities of products, several of the same product, or pay extra to ship quickly (to resell items before detection), and orders where the cardholder’s name is different from the recipient’s name.
- Stay up-to-date on security standards for e-commerce payment processing with the help of your payment solutions provider.
- Keep records about fraud attempts so you can watch for patterns or common risk areas.
These points for thought are barely the tip of the proverbial iceberg when considering fraud prevention. Even if you have the best intentions, every busy business owner has been known to that the unintentional shortcut or make a mistake. This Equifax breach is an unfortunate reminder that we all have to work together, and that protecting your business and customers needs to be just as important as growing your brand.