Cosmetic firm Tatcha warns customers of data breach, harvesting card details

Cosmetic company Tatcha has warned customers that hackers compromised its website and harvested payment card details. The company sent notices to customers whose card details were stolen back in January, after discovering the breach last month.

Commenting on this, Robert Capps, VP of business development at fraud mitigation company NuData Security, said: “Data in the wrong hands – especially credit card information – can have a huge impact on consumers, far beyond the unauthorised use of their payment cards. Credit card information, combined with other data on the consumer from other breaches and social media, builds a more complete profile. In the hands of fraudsters and criminal organisations, these valuable identity sets are usually sold to other cybercriminals and used for myriad criminal activities, both on the Internet and in the physical world. Using these real identities, and sometimes fake identities with valid credentials, they’ll take over accounts, apply for loans and much more. Every hack has a snowball effect that far outlasts the initial breach.

All customer information is valuable to fraudsters. Names, physical and email addresses, passwords, the content of emails – everything that can be used to compile an identity will be used. We must change the current equation of “breach = fraud” by changing how we think about online identity verification. We need to protect all consumer data, but more importantly, we need to make it valueless.

The technology exists right now that prevents fraudsters with stolen valid credentials from accessing accounts because they can’t replicate the consumers’ behaviour. 

Analysing consumer behaviour with passive biometrics is completely invisible to real customers and fraudsters alike. It has the added benefit of providing valid users with a great experience without the extra friction that often comes with other consumer identification techniques. When fraudsters try to use stolen consumer data or login credentials, they will find the data is useless.

The balance of power will return to consumer protection when more companies implement such techniques and technology.”