A worrying proportion (33 per cent) of retailers in the UK are not reporting data breaches like account takeover to the relevant authorities, flouting stringent GDPR rules, research by fraud detection and payment acceptance specialist Ravelin finds today.
Grocery retailers, for example, suffered an average of 53 account takeover attacks in 2020, yet 28 per cent did not report any breaches whatsoever to the authorities. FMCG retailers are the least likely type of retailer to report account takeover attacks, with only 55 per cent saying they had done so in the past year despite having an average of 2.8 attacks per month.
Account takeover is a fast-growing threat to retailers, with nearly three quarters (72 per cent) finding that they’ve experienced a rise in attacks in the past 12 months — almost certainly driven by the growth of eCommerce during the pandemic.
Account takeover occurs when a customer’s login details to their online account with a retailer fall into the hands of a fraudster who then uses a customer’s account to make fraudulent purchases. Analysts estimate that account takeover costs merchants, banks and payment service providers billions each year.
Ravelin’s findings today are part of a new retail report, which draws on the opinions and experiences of 1,000 fraud and payments professionals working in large businesses all over the world. The report provides a valuable in-depth understanding into merchant fraud teams, their environment, top business threats, fraud activity trends and forecasts.
Mairtin O’Riada, co-founder and CIO at Ravelin said: “Many retailers seem to have misunderstood their obligations to report account takeover attacks under GDPR. Even a small account takeover attack is a data breach, and retailers must report them to the relevant authorities, or they could be fined.
“But to report these kinds of attacks, you’ve first got to know if they’re happening to you. Monitoring customer logins and new devices are a good first-defence against account takeover, but only 56 per cent are monitoring logins and 47 per cent are tracking customers using new devices. These stats need to change.”
Share