With password re-use rampant, 4iQ offers free service and trial for eCommerce and financial services companies
4iQ, a leader in Identity Theft Intelligence, announced today it has fast-tracked to market a free service aimed at staving off the effects of a troubling trend – a significant seasonal rise in the presence of breached shopper credentials on the Deep, Dark Web. Because of widespread consumer password re-use, credentials from prior breaches are being used by criminals to access accounts on otherwise secure shopping, banking and credit card sites.
Each year since Cyber Monday became an American phenomenon, instances of online fraud have risen, along with the revenue significance of online shopping. In response, CIOs, CISOs and risk officers in leading retail and financial organizations have invested millions in their efforts around online security, locking down their infrastructures to avoid breaches. Ironically, it can be some other organization’s breach and a relatively non-technical criminal that opens their own organizations up to fraud. Regardless of root cause, the impact of unauthorized account access is both financial and reputational.
“When a shopper’s account is accessed by a criminal, it’s at minimum an immediate customer service issue, because the first place the consumer points the finger is at the website that allegedly charged their credit card,” said Monica Pal, 4iQ CEO. “At 4iQ, we know the truth isn’t always that simple. Ultimately the fraud could be the result of another organization’s breach that allowed that consumer’s credentials to get to the Deep, Dark Web. In other words, consumer’s decision to reuse a password could be the culprit. But that’s not the right message to send to a frustrated consumer. The real customer service solution in our mind is to help consumers protect themselves, which in turn protects you.”
In response and in advance of Cyber Monday this year, 4iQ has launched a free breach watch service to help e-commerce businesses understand their exposure on the surface and Deep and Dark Web. After an organization completes an online application and authorization process, 4iQ will scan its proprietary identity datalake for evidence of the organization’s domain being impacted by previous breach activity or other online vulnerabilities. This allows businesses to double- and triple-check for threats that could put the organization’s e-commerce infrastructure at risk. Then, with that as a baseline, 4iQ will alert the organization on any new activity related to the domain through January 31, 2019. 4iQ also offers an enterprise-level, paid service that enables organizations to find breached credential evidence associated with their customer accounts.
“In 2017, we saw a 182% increase in identity records discovered by our team compared with the year prior, and by June this year, the number of total exposed consumer records had nearly doubled from 12.4 million to about 22.5 million,” said Julio Casal, 4iQ Founder & Chief Technology Officer. “Last year’s holiday season was acknowledged industry-wide as the worst ever in terms of account takeover, and we can only expect this year will top that.”
Despite efforts to educate consumers on the risks of credential re-use, a July study commissioned by 4iQ showed that nearly half of surveyed US consumers admitted to reusing passwords across multiple websites. Three-quarters acknowledged they don’t change their passwords unless prompted or forced by a service to do so. For this reason, many financial services websites force regular resets – but some don’t and given consumer behavior, many online retailers avoid adding any extra steps to the checkout or security verification process.
“Most retail and financial services CISOs already have a little trouble sleeping during the holiday season,” said Pal. “But not considering the effects of password re-use is like locking the house, setting the alarm and leaving the garage door wide open.”