The Simility Blog

New Data Breach Milestone Should Focus Minds on Data-Centric Fraud Prevention
Sean Nierat
Sean Nierat
October 02, 2019

Data breaches come so quick and fast these days that both consumers and businesses are in danger of becoming desensitized. In August alone, tens of millions of customer records were compromised after two online apparel companies were hit. This, supposedly, came in one of the quietest months of the year for cybercrime activity. As if that weren’t enough, the Identity Theft Resource Center (ITRC) recently revealed a new milestone for recorded US breaches, after the number hit the 10,000 mark for the first time. 1

The message is simple: breaches are the new normal. That makes it more important than ever for firms to put in place advanced fraud screening tools to deal with the inevitable consequence of large-scale data theft: identity fraud.

The New Normal 

The ITRC is a US non-profit dedicated to helping the victims of identity theft and broadening awareness of cybercrime in general. As such, it has been tracking reported data breaches since 2005. These incidents might stem from a classic third-party intrusion into the corporate network (via phishing/malware etc), but equally they may be the result of employee error, malicious insiders, physical theft of data, or other scenarios.

Whatever the reason, the fact is that organizations seem unable to stem the tide. The new 10,000 breach milestone means that 1.4 billion customer records have now been compromised in such incidents. These could include everything from Social Security numbers to driver’s license details, protected health information (PHI), and account log-ins. As of August 12, the ITRC had recorded 907 reported breaches in 2019 alone, exposing over 145 million customer records.2

What Happens Next? 

Once it has been exfiltrated from the target organization, the stolen data is sorted and then put up for sale on dark web marketplaces. Large collections of usernames/emails and passwords known as “combo” lists are particularly sought after by hackers looking to crack open other user accounts by trying them with automated tools across multiple sites.

Fraudsters will then buy this stolen data and use it to hijack existing accounts and/or create new accounts in the victim’s name. According to Javelin Strategy & Research, losses from new account fraud jumped from $3bn in 2017 to $3.4bn last year, while mobile account takeovers surged by nearly 79%.3 Another strategy is to blend stolen personal data with fake information to create new “synthetic” identities, which can be harder still for organizations to spot.

The Secret Of Adaptive Decisioning 

The modern data breach epidemic puts more pressure than ever on firms to find reliable ways to tackle rising levels of downstream fraud. Legacy tools have a hard time spotting sophisticated fraud attempts using automated bots and anonymizing tools, as well as evolving techniques using multiple channels. This can result in major fraud losses, as well as a large number of transactions being sent for manual review, which can increase overheads. If fraud tools aren’t up to the task, they may also step-up too many customers to secondary authentication checks, adding friction which results in basket drop-outs and customer churn.

Instead, risk teams need behavior-based fraud solutions that use the power of data and machine learning to provide highly accurate, automated decisioning.

Simility’s Adaptive Decisioning Platform leverages large volumes of disparate data from multiple sources, applying state-of-the-art machine learning to provide a 360-degree view of each user. This means any suspicious activity is immediately flagged and risk-profiled with high confidence.

This is the kind of adaptive, data-centric technology organizations need to empower their risk teams — minimizing fraud losses without damaging the customer experience. In a world of continuous data breaches, these capabilities are now a must-have to support digital growth and differentiation.

To learn how you can leverage Simility’s industry-recognized fraud prevention platform to combat identity fraud, schedule a demo today.

1 ITRC, July 2019,

2 ITRC, July 2019,

3 Javelin Research & Strategy, March 2019,