January 5, 2017
The year 2016 saw the aftermath of EMV implementation impacting financial institutions, merchants and consumers across the US. Though many expected to see a number of positive benefits from EMV, those benefits didn’t include a reduction in the number of merchant compromises or fraudulent activity.
As 2017 kicks off, we’ve taken a look back at the key trends in the fraud and data breach space over the past year – what we learned and what’s to come in 2017.
Over the past few years, media headlines have consistently painted the story of data breaches touching companies across all sectors. Just last year, we read about Wendy’s breach which impacted over 1,000 locations to Madison Square Garden Group’s hack, to several breaches at high-profile hotel chains including Hyatt, Marriot and Starwood – the list goes on and on. Overall, 2016 saw major household names hit hard by fraudulent activity.
While we are constantly reminded of the large companies that undergo a breach, it’s actually small businesses that are being hit the hardest. 2016 saw a huge shift from fraudsters attacking big box retailers to targeting the smaller Mom and Pop shops. In fact, 70% of breaches that occurred in 2016 happened at businesses with five or less locations.
We know that the ‘mega-breaches’ that occur are the stories that make the headline, but in reality it’s the larger companies that can typically afford to bail their way out. This is drastically different for smaller businesses where a breach may result in a company having to close its doors – nearly 60% of small businesses shut down within six months of an attack. The data breach landscape is reminiscent of the age-old David and Goliath debate – big vs. little and while arguably a breach will impact a company no matter the size, small businesses are increasingly being targeted to potentially even larger repercussions.
There was a drastic uptake of e-commerce fraud in 2016 and we expect this to continue in 2017. A recent report from Experian projects that 2016 e-commerce fraud attack rates to be at least 15 percent higher than last year’s total – we predict 2017 numbers will only continue to skyrocket.
As every industry moves online – from grocery to retail to banking, organizations need to have the technology in place to prevent cyberattacks especially as breaches continue to grow in size and scale.
Small business will continue to be a hot target for fraudsters. They have generally been slower to adopt EMV and as a result merchants who haven’t implemented the chip technology will continue to get hit hard in 2017. Only 37 percent of merchants are EMV compliant, leaving the door wide open for potential hacks and attacks.
Eating places, fast food restaurants and gas stations continue to top the list as the most compromised merchant categories. In December, Visa and Mastercard announced they are giving gas stations three extra years to install EMV technology with a new deadline of October 1, 2020. Gas station fraud has been heavily scrutinized over the last year due to its notoriously high fraud rates and this delay will only make them increasingly susceptible to attacks.
Restaurants were also a hot target in 2016 – think Wendy’s, Noodles & Company, etc., who all made headlines for being subject to a breach. This is due to the fact that the food and beverage industry has overall been slower to migrate to EMV technology due to technical complexities, though we expect to see greater demand for EMV terminals at restaurants in 2017.
Across the FinTech industry as a whole, we believe that in 2017 innovation that allows for faster information and execution, such as same day ACH, will also allow for quicker and bigger fraud takedowns. We predict systematic failures producing instances of massive fraud losses until the industry catches up in understanding new emerging innovation and technology.