With a new breach occurring every day, customers feel vulnerable and expect merchants to protect their data. Account security could be the difference between a lifelong customer and a one-time buyer. In the past year, account takeovers (ATOs) rose by 31% according to Forter’s Fraud Attack Index, and with more private data available than ever before, we should expect to see these types of exploitative behaviors occur more often.
Risks From Within
It is imperative for merchants to keep both company and consumer data safe. Most retailers have a dedicated security team responsible for the safekeeping of vulnerable data. However, security engineers and risk teams are not the only hands on this data. Regardless of the size of the company, data often flows through various “touches” during its lifecycle.
Studies have found that some of the worst breaches occur at the hands of human error, in up to 90% of cases. This means that the more “touches” your data passes through, the more likely it is to be irresponsibly exposed.
The largest cybersecurity risk for many businesses revolves around human factors and employee behaviors. Businesses are concerned with employees inappropriately sharing data via mobile devices, the physical loss of those devices, which would expose the business to unforeseen risks, and the use of inappropriate IT resources by employees.
Phishing attacks are one of the simplest and most effective means by which employees inadvertently expose company data. They are the origin of as many as 95% of company security breaches, and typically appear in the form of suspicious emails. These emails often purport to be “sent” from a colleague (although careful examination reveals a spoofed account), carry an urgent subject line, and enclose a high-priority attachment to download. One distracted click could put your company at great risk.
More Doesn’t Always Mean Better
Oftentimes when risk teams are assembled, managers tout the robustness of their team in part due to its size. What they fail to mention is that more eyes and more hands on private data mean a greater burden of protection and a greater risk. Manual review teams by nature need to hire staff who are well-versed in the risks associated with handling personal data, but holiday rushes, peak seasons, or expected online queue handling often restrict the quality of this process. “More hands on deck” means a greater likelihood of mistakes and exposure.
One way to combat this? Strengthen your security training programs and ensure that all employees, regardless of where they sit in the hierarchy of the business, are equally educated on the risks associated with data privacy.
Behind Door Number Two? Automation.
The best way to avoid security crises is to automate the system by which data is being processed and reviewed. In the world of fraud prevention, manual review and rules-based systems simply open a business up to too many risks that could result in huge financial penalties and losses to your business, not to mention reputational collateral damage.
Automation makes the “principle of least privilege” far more powerful. This principle ensures that employees have access only to the minimal amount of information needed to do their jobs, and it should guide your business security mission. Transactions will no longer be subject to the probing eyes of multiple manual reviewers who require deep access to the minutiae of each order. Instead, automation will lead to increased security. Automation minimizes human errors and, through machine learning algorithms, detects patterns and behaviors that the human eye simply misses.