Over the last 12 months, the retail industry has suffered what seems to be an unending string of data breaches. From Home Depot to Michaels and Neiman Marcus, cyber criminals were able to steal a wealth of other consumer information throughout 2014. While the majority of people when they hear about retail breaches become instantly concerned about compromised payment card details and rightfully so, the bigger prize for data thieves is the ability to pilfer not just their debit or credit card number but information they could use to potentially steal their identity.
“People who are perpetrating these crimes on the back end are using big data to not take just one piece of information, but information from four or five events and they are collecting credit card and address information from one data breach, Social Security or PINs numbers from another and then putting them together to create a synthetic identity,” explained Michael Bruemmer, vice president, Experian Consumer Protection. “Synthetic identity fraud is now the fastest growing area of identity theft that we’re seeing.”
According to Bruemmer, Experian did about 23,000 successful identity theft resolutions for consumers through their fraud resolution team last year. However, he said the number of incidents involving synthetic identity theft, which consists of using a valid Social Security number with a name and birthdate that is not associated with that number, continues to rise.
To help combat this and other fraud schemes that occur as a result of data breaches, Experian Data Breach Resolution has partnered with card fraud monitoring firm BillGuard, to offer a solution that retailers can provide to customers affected by a data breach. People who are enrolled in Experian’s fraud surveillance and identity theft resolution product ProtectMyID will now be able to download BillGuard’s mobile app where they can access both their ProtectMyID alerts and BillGuard features.
“What we did in breaches we serviced is we looked and got feedback and found that the best way to address, particularly retail card breaches, was to look at fraud transaction monitoring and BillGuard provides this,” added Bruemmer. “Whether it is a debit card, credit card, checking account, mortgage account – any place you have a username and password - you can see all of those transactions in the BillGuard app.”
Additionally, because BillGuard is a crowdsourced solution, it provides feedback as it looks at these transactions to determine if fraud may be occurring as a result of purchases users may have made at a particular merchant. For example, two weeks before the Home Depot breach became public last year, over 100,000 BillGuard members were alerted that there were fraudulent transactions either on their Visa, MasterCard or Home Depot card because of what they were able to see through their crowdsourcing technology.
According to BillGuard CEO Yaron Samid, in the aftermath of a data breach, consumers are told that they have to monitor their card activity carefully for any suspicious activity and if something is found to let their card issuer know. However, Samid said the fallacy with that is cardholders are left to do that monitoring on their own and that over half of all known card fraud is actually missed by the banks and ends up on the statements of cardholders who are responsible for combing through all their various transactions.
“It is just an unfortunate fact of human nature that we are not very diligent at going line item by line item and checking our card statements for any bogus charges,” said Samid. “Typically after a data breach, the first sign that there has been a breach of a card is that there will be micro charges on that card that are validating that it is still active. When you build a network like BillGuard which is crowdsourced, it takes into consideration every single transaction from everyone in the network and flags even the smallest charge and that enables the system to ask other people who have that similar charge on their card if it is authorized or not authorized.”
Bruemmer said that they are currently offering the combined fraud fighting capabilities of ProtectMyID and BillGuard to their retail and other business clients that have purchase their data breach resolution services. Those businesses can subsequently provide the service to their customers in the event of a data breach.
“If you are affected by a data breach and offer our ProtectMyID service, which includes a number of different things in addition to the BillGuard card fraud monitoring - it is looking at the 50 leading fraud indicators on your credit file and it is actually providing you a credit report – all of those things have been provided by ProtectMyID as well as $1 million worth of insurance for fraud resolution,” said Bruemmer. “If you affected by a data breach, you get access to all of that plus the BillGuard product. The clients that we are offering this product through are delighted because they get a comprehensive product that will address any type of situation - whether it is card fraud, an issue with electronic funds transfer, medical ID theft – any type of identity theft regardless of that cybersecurity event, the ProtectMyID product now with crowdsourcing from BillGuard gives you a comprehensive fraud surveillance and identity theft resolution tool all in one spot.”
