The correlation between data breaches and account takeover fraud

December 5, 2018

Businesses should brace for increase in account takeover fraud in the face of massive Marriott data breach

data breach

More than a year after the Equifax breach (the biggest breach of 2018 and arguably the worst hack of its time, exposing personal information of virtually half of the American population), Mariott announces that 500 million Starwood guest records were stolen in a massive data breach. (Read more on the Equifax hack here.) These records contained guest names, postal addresses, email addresses, passport numbers Starwood’s rewards information, arrival and departure information, reservation date and communication preferences. Apparently, the breach may have begun as far back as 2014, when Marriott first acquired Starwood.  

Hotels are easy targets for these kinds of data breaches, because they hold a plethora of global data, identities and intelligence and an interconnectedness of other businesses entities within each hotel. And with hotel mergers expected to accelerate1, they’re in danger of becoming the most likely source of data theft.

How can businesses respond to a major data breach to protect customers from fraudulent behavior?

In addition to any costly remediation on Marriott’s part, businesses and regulators should once again review the sophistication and security of their identity verification solutions following a massive data breach.

More data breaches = more account takeover fraud

We all know that data breaches weaken the value of knowledge-based authentication used for on-boarding, thereby increasing the instance of account opening fraud. But now, we're also finding a correlation between data breaches and account takeover fraud. 

The fifth edition of Forter’s Fraud Attack Index indicated that the Equifax breach helped to fuel a 31% increase in account takeover (ATO) attempts2. The report also illustrates a fraud industry that is becoming increasingly sophisticated, and the need for online businesses to move to more automated security systems that employ machine learning, artificial intelligence and biometric facial recognition.

A piece published by also links data breaches (like the significant ones at Equifax and Target) to a massive market for stolen credit card details, within which hackers who hold the data usually sell it fraudsters. This is the point at which we begin to see classic signs of account takeover. 

Choose the right digital identity verification to protect your customers from account takeover

It has become more and more clear with every data breach that knowledge-based authentication will continue to become less effective until it is no longer effective at all.  

The best way to prevent account takeover fraud in the wake of massive data breaches is to identity proof any time account takeover is suspected. An identity verification process that provides an intuitive customer experience and simultaneously helps to mitigate fraud risk is key to keeping customers protected and happy, and the business healthy.

Read this case study to learn how MoneyGram reduced account takeover fraud by 80% with Mobile Verify. 

  1. Matthew Pohlman. "Mergers and acquisitions in hospitality expected to accelerate." Hotel Management