Identity Fraud in Focus quarterly report
8 min
Criminals are targeting the retail industry like never before, and it’s not just merchandise they’re after. Hackers, identity thieves, and cybercriminals are working around the clock to steal the personal data, online credentials, and identities of retail employees — a trend that has skyrocketed in recent years.
Let’s take a closer look at why this is the case and what retailers can do to protect their employees and customers.
While thieves have targeted retailers since the dawn of commerce, last year proved to be a particularly bad one for both brick-and-mortar locations and online stores. The industry experienced more than 300 security incidents and nearly 170 confirmed breaches.
As one would expect, the vast majority — 96 percent — of retail breaches and security incidents were financially motivated. As a result, the stolen data largely consisted of payment details, personally identifiable information, and employee credentials.
Each of these compromised data types can be used to perpetrate retail fraud. Retail fraud, which employees can unknowingly play a part in, is a huge business for identity thieves. Industry analysts suggest this crime accounts for more than 1.5 percent of all retail revenue.
In addition to the more traditional forms of retail fraud, retailers must also guard themselves against account takeover. Account takeovers occur when an identity thief compromises an employee or customer account and takes action on the victim’s behalf. This form of fraud hit a four-year high in 2017, and losses rose by more than 120 percent from the previous year.
It’s no secret why retailers and their employees are so targeted by identity thieves, hackers, and cybercriminals — it’s all about the payday! The retail industry houses data that can be exploited in numerous ways. The most obvious are the payment details many retailers collect. What’s less obvious is how thieves gain access to this data.
Often, this can involve using an employee’s compromised credentials. Many employees have access to thousands, if not millions, of customer records. These records typically consist of a treasure trove of data that thieves can monetize — even if payment details aren’t part of the files!
Cybercriminals can still walk away with a customer’s name, address, phone number, email address, and other sensitive data including their birthdate and Social Security number.
Thieves can also use an employee’s compromised credentials to phish unsuspecting co-workers, customers, and even their bosses! If a phishing attempt is successful, cybercriminals can install malware on the retailer’s network — which costs U.S. companies billions each year.
The good news is there are steps retailers can take to protect their employees from hackers, identity thieves, and cybercriminals. The most powerful of these is to offer identity protection as an employee benefit.
With a quality identity protection benefit in place, employees will be alerted at the very first signs of identity theft and possible account compromise. If their identity is stolen, a team of trained experts will help the victim restore his or her identity in the quickest time possible.
If you’re a broker and have clients in the retail industry, you can download our guide, The Retail Industry Is Under Attack: Data Breaches, Security Incidents, and Identity Theft. This handy one-sheet has all the stats you need to know to keep your clients safe!
Do you have questions we didn’t address? Would you like to learn even more about employee identity protection? Considering adding identity protection to your portfolio?
We’re here to help!
If you're considering one of our services, want more information, or need assistance, please reach out. We’re here to help.