The recent data breach at online merchant FabFitFun is a good example of how simple 'card breaches' create risk beyond simple 'card fraud'.
The payment card industry has some of the most advanced methods for linking breaches to fraud and, in turn, advising and protecting all stakeholders, which gives maximum protection to individuals and industry. (This has many similarities to what Breach Clarity does for all categories of breaches and their impact on 12 kinds of ID fraud beyond those involving cards.) And yet when a 'card breach' exposes the maximum amount of card data, and especially data beyond that contained on the card, consumers and industry professionals need to take extra precautions.
One challenge with the FabFitFun breach is that the 3- or 4-digit secret code (referred to as CVV or CVC) printed on cards was exposed, making the breached data set ideal for online card fraud. For breaches where the issuer has chosen not to reissue the card, exposure of the CVV/CVC code is an opportunity to advise consumers to implement the maximum possible card issuer safety methods, such as text alerts. Platforms such as Breach Clarity can be ideal for making that happen, in a way that calms the consumer and ensures that their payment methods keep working without interruption.
Beyond card data, this breach also exposed individuals' phone numbers, email addresses, and residences (see middle section below), which subjects them to scams that can linger beyond card fraud. For instance, scammers can now reach out to breach victims and, armed with 'private' card data, more effectively impersonate the issuer in order to extract even more data. Victims now face risks including targeted scams (which are more frequent during a crisis like Covid). While our public site only shows the top two risks, our behind-the-scenes algorithm calculates risks from a total of 12 threat types, and this breach raises secondary risks of crimes like account takeover and new account fraud.
The top three things consumers should do after any breach are available on Breach Clarity for free, and the remaining action steps (from among 51 options) are available only to those accessing our full Premium application (coming this Fall through select credit unions, banks, and identity protection firms). For this breach, it's all about alerting and communicating with your issuer to see if a reissue makes sense.
What's most important is having a complete understanding of all the particular risks and prescribed action steps for any breach, and that's what Breach Clarity is for. Reporters, financial institutions, and other leaders who are interested in accessing ten times the outputs of risks and action steps can reach out to us using our contact us form.
Breach Clarity’s proprietary machine learning algorithm instantly analyzes more than 1,000 elements to score the risk level of a data breach. Each publicly reported data breach in the U.S. receives a Breach Clarity Score on a simple numerical scale, typically from 1 to 10. Breach Clarity’s dynamic algorithm and easy-to-use interface run on the most comprehensive source of data breaches in the U.S., maintained and updated continuously by the Identity Theft Resource Center. To learn more, or to check the score of a recent data breach, visit breachclarity.com.
Kelly Moore (for Breach Clarity)
515-720-9670 (texts welcome)