Synthetic identity fraud is a growing, evolving challenge for merchants. It arises when criminals combine real or stolen personal data with fake information to create new identities, open fake accounts, and make fraudulent purchases.

Kount synthetic identity fraudAnd this cybercrime problem is growing according to fraud prevention experts. In a recent Kount video, Tom Donlea of Whitepages Pro discussed how cybercriminals assemble real information such as name, email address, billing and shipping addresses, phone number, credit card info and even credit history, in conjunction with fake information to pass initial fraud prevention checks.

“It isn’t necessarily the number of records as much as the depth of information that has been gleaned from those accounts, the very savvy sophisticated organized crime rings are able to assemble identities from these pieces, and they understand what the merchants and the online lenders and financial institutions are looking for, to create an identity that flies below the radar,” Donlea says.

80%-90% of login attempts are by hackers

Shape Security research reportCybersecurity firm Shape Security recently reported that between 80% and 90% of e-commerce website login attempts are by hackers using stolen data.

This is a huge problem for merchants because KPMG research shows that 19% of consumers will stop shopping in a retailer after a data breach and 33% will not shop at a retailer for an extended time after a data breach.

16 recent large data breaches

According to a recent Business Insider story, your personal or financial data may have been compromised if you shopped at or patronized any of the following retailers in the past 12 months:

  • Cheddar’s Scratch Kitchen: Nov 2017 – Jan 2018; 567,000 accounts
  • Macy’s & Bloomingdale’s online: April – June 2018; numbers unknown
  • Adidas US online: announced in June 2018; timing and numbers unknown
  • Sears and Kmart online: breach of online partner [24]7.ai. In Sept – Oct 2017; estimated 100,000
  • data breaches problems growing globallyKmart: separate breach in June 2017
  • Delta Airlines: affected by [24]7.ai breach as well; Sept – Oct 2017, numbers unknown
  • Best Buy: also affected by [24]7.ai breach; the company claimed small numbers but unknown
  • Saks Fifth Avenue and Lord & Taylor: announced in April 2018; payments and credit data stolen, estimated 5 million customers affected
  • Under Armour: MyFitnessPal app data including names, emails and passwords accessed; 150 million compromised
  • Panera Bread: website data leak exposed customers’ personal information, including names, addresses, and partial credit card numbers for eight months period prior to April 2018.
  • Forever 21: cashier terminals exposed customer credit card data and verification codes impacting customers between March – October 2017.
  • Sonic: fast food chain credit card data from as many as 5 million customers at risk from data breach
  • Whole Foods, Gamestop and Arby’s also suffered large data breaches in late 2016 and in 2017.

That’s a lot of data being sold, shared and potentially at risk of being assembled into synthetic identities by savvy cybercriminals.

Research report available

Shape Security 2018 Credential Spill ReportRetailers and online merchants need to seriously assess their data security and payment security risk and manage it accordingly.

You can view the Kount synthetic identity video here and read the free Shape Security 2018 Credential Spill Report here.