The Marriott hotel hack is the latest in an alarming series of data breaches, exposing the personal data of 500 million customers. Given the size of the breach, the quality of the data revealed and the number of years it went undetected, the repercussions are bound to impact the fraud landscape in 2019 and beyond.
In the aftermath of the Marriott breach, there will likely be an increase in fraud attack rates. Bad actors will leverage the leaked information to take advantage of e-commerce retailers and consumers by exploiting the available data via account takeovers, or ATO. ATO occurs when criminals hijack personal details (like those exposed in the Marriott breach), log in to an online account and masquerade as a returning customer to steal goods or additional data.
Marriott International Inc. signage is displayed in the lobby of the company's headquarters in Bethesda, Maryland, U.S., on Wednesday, June 1, 2016. With the closing of a merger deal between Marriott and Starwood Hotels & Resorts Worldwide Inc., expected midyear, Marriott would surpass Hilton Worldwide Holdings Inc. to become the biggest hotel company, with about 1.1 million rooms in 5,700 properties. Photographer: Andrew Harrer/Bloomberg
Andrew Harrer/Bloomberg
During the third quarter of 2017, there was a 53% spike in ATO, likely influenced by the Equifax breach, reinforcing the need for online merchants like hospitality companies to prevent these types of attacks, especially in the wake of a large-scale hack.
Loyalty program fraud is another concern for merchants following recent hacks. For fraudsters, loyalty points are essentially free money. Once a criminal has access to an account through ATO, they can easily steal and monetize a customer’s loyalty accounts. These accounts are especially valuable to the fraudster as they can often go unnoticed in their attacks, since the average shopper doesn’t systematically check their reward account balances. Beyond the immediate loss, loyalty program fraud can ruin customer relationships and deteriorate brand trust.
Further, data stolen in the Marriott breach may be used by bad actors to commit other large-scale attacks in the future, putting all online merchants at risk, regardless of industry. For instance, hackers recently accessed an undisclosed number of Dunkin’ DD Perks rewards accounts, using the data stolen in other companies’ security breaches. Given the scale and quality of the data exposed in the Marriott breach, fraudsters now have an immense amount of information that can potentially be used in future breaches.
Data breaches show no signs of abating, so online merchants must take precautions to protect their valued customers and their revenue from fraud, without disrupting the customer experience.
To do so effectively, merchants must look for fraud prevention partners that leverage machine learning and AI to stop fraud at every touchpoint along the customer journey (such as account creation and the redemption of loyalty points), instead of just focusing on the point of checkout.
House Republicans, led by House Financial Services Committee Chairman French Hill, R-Ark., outlined their priorities for the Trump administration's banking agenda in a series of letters to key regulators.
The buy now/pay later company made a deal with Stride Bank to add banking-as-a-service heft as Affirm Card usage soars and Evolve grapples with defections.
The Trump administration is leapfrogging the normal process by taking its fight over a district court injunction blocking efforts to shut down the Consumer Financial Protection Bureau to a federal appeals court, according to the CFPB workers' union.
"I can't just go fishing in the ocean," said Grasshopper Bank CEO Michael Butler, referring to his bank's ability to gather deposits. "JPMorgan Chase is out there with a yacht, and I'm driving a small speedboat."
Holly O'Neill, who was No. 5 on American Banker's list of the Most Powerful Women in Banking last year, will oversee a new department combining BofA's retail and preferred units. Aron Levine, who previously led preferred banking, is leaving the company.