Credit bureau Experian recently released their second annual Data Breach Industry Forecast report highlighting six trends expected for 2015. Key predictions include more concentrated data breach activity earlier in 2015 prior to the U.S. EMV liability shift date and hackers expanding efforts targeting the millions of new internet connected devices.
While there hasn’t yet been a data breach in 2014 that has garnered as many headlines as the Target data breach in late 2013, it was still a very active year. It is likely there will be many data breaches in 2015 as well, but there are some trends expected to influence the distribution and types of attacks.
Experian’s 2015 Second Annual Data Breach Industry Forecast discusses six data breach trends to keep an eye on as we prepare to enter next year. The first is related to a topic that has been discussed quite a bit in the payments and risk industry: the October, 2015 EMV liability shift date. While the eCommerce industry is bracing for a shift of more fraud attacks to the Card Not Present channel after the liability shift date, brick-and-mortar retailers ought to be on the lookout for malware and breaches targeting point-of-sale systems before the liability shift.
Even after the rollout of EMV merchants that store primary account numbers (PANs) and other consumer data will still be targeted by data breaches, but hackers will have less success intercepting card data at the point-of-sale. Just as fraud patterns are expected to shift, data breach attacks may shift as well.
With the increase in payment card security hackers are expected to focus more attention on consumer login credentials. Because consumers tend to reuse usernames and passwords across multiple sites and services, a fraudster that is able to compromise one username and password combination may have several opportunities to monetize the stolen information. This is also a consideration for eCommerce businesses that protect payment information or access to services behind a user account and login. If fraudsters are not able to obtain direct payment card information as easily they will likely shift their focus to more Account Takeover (ATO) attacks.
Another hot topic today and going forward is the Internet of Things. More and more home appliances and everyday devices are being equipped with WiFi to improve the consumer experience and benefit businesses with access to more data. Gartner forecasts there will be more than 25 billion units considered to be part of the Internet of Things, compared to less than 1 billion in 2009. There are many ways hackers may try to exploit these millions of new devices, and with new technologies we almost always meet new vulnerabilities.
For more information: