Skip to content

Capital One Breach: Account Takeover Fraud on Fire

On July 29, 2019, Capital One talked about the data breach the company had experienced. Over 100 million people’s sensitive data was breached in the U.S. and Canada as a result. If the Capital One breach is the topic you’re interested in and if you want to discover secure payment processing services, keep on reading below.

Capital One Breach: Protect Your Transactions
With more and more businesses moving to the online space, the number of customers logging in with their usernames and passwords is increasing rapidly. According to a 2018 report by an anti-fraud technology provider, account takeover (ATO) attacks grew 31% percent YoY (year-over-year).

ATO fraud is creating major problems for payments. Once criminals steal customers’ usernames and passwords, they can easily use that information to get access to more data. Recently, Capital One Financial Corp. (COF), the 5th biggest credit card issuing company in the U.S., has been attacked.

The “author” of the attack was Paige Thompson, an engineer having formerly worked at Amazon Web Services and as a contractor with Capital One. By relying on the information she had about the bank, she got access to the bank’s internal network and “took advantage” of a minor issue with the firewall.

Specifically, the attacker allegedly got access to the login data used for accessing the bank’s computers, stolen from open Amazon servers. Next, she was allegedly able to keep those computers under her control to obtain the information, as well as mine cryptocurrency. This type of mining is often called “cryptojacking.”

Thompson hacked the sensitive data of nearly 100 million people in the U.S. and 6 million people in Canada.

With all this in mind, it’s becoming more and more critical to protect your e-commerce business from fraudsters. You can do this easily by working with a secure payment processing company like eMerchantBroker.com. EMB, voted the nation’s top high risk payment processor, is committed to offering the cheapest rates and the fastest approval to both low and high risk merchants.

eMerchantBroker.com, raked an A company by Card Payment Options and listed as the “Best All-Around High Risk Merchant Account Provider” by ValuePenguin, can help you avoid problems like the Capital One breach. EMB works with Ethoca and Verifi to ensure you’re enjoying unmatched fraud prevention and chargeback mitigation services.

What You Didn’t About Capital One Hack
The Capital One hack isn’t the biggest security breach in history, however, it once again points to the importance of fraud prevention. The credit bureau Equifax breach back in September 2017 was bigger: it exposed sensitive information of 145 million customers, including 209.000 credit card details.

Concerning data breaches, be aware that there exist 2 basic threats that consumers are faced with:

  • ATO or account takeover fraud when hackers take over a legitimate user’s account to complete fraudulent transactions
  • Synthetic fraud when hackers use stolen consumer data, often of more than one consumer, to “build” a new user

According to Daniela Perlmutter, vice president of marketing at cybersecurity firm CyberInt, consumers must take special attention to and be aware of the transactions in their accounts. When it comes to financial institutions, including commercial banks, they should learn a lesson from the case with Capital One and give their employees and contractors limited access to their cloud-computing systems.

Capital One has reported the bank has already resolved the issue the hacker relied on to steal the information. It’s worked with federal law enforcement on the case.

To sum up, Capital One has recently announced an attacker stolen sensitive data about the bank’s credit card customers and those having applied for their credit card products.

Capital One has already fixed the issue by promptly cooperating with federal law enforcement. The hacker is under arrest. The bank’s analysis shows that the data mustn’t have been used to commit fraud or disseminate.

Make sure to work only with a reputable payment processor that can provide you with the most sophisticated fraud prevention techniques.