There’s a downside to e-commerce’s rapid growth: Online retailers are facing a future with a growing number of data breaches, attacking millions of consumers that will cost them millions of dollars.

This is not the bright future retailers want to hear about, but it reflects the current reality, experts say. In the past few months alone, large retailers Macy’s Inc. and Adidas AG, plus ticketing service Ticketmaster’s U.K. site and airline British Airways have each suffered an online data security breach. In addition, just last month e-commerce platform vendor Magento suffered a malware attack that impacted roughly 5,000 of its Magento Open Source users.

These data breaches of large, well-known brands highlight fraud’s shift online and the need for
merchants to understand the weak points on their websites and apps, and how to secure them. That’s a marked shift from just a few years ago when major criminal attacks that hit retailers such as Home Depot Inc., TJ Maxx and Target Corp. originated offline. But criminals, like many consumers, are shifting to the internet. There are several reasons including a rise in store-based merchants’ adoption of Europay MasterCard and Visa (EMV) point-of-sale terminals, the sophistication of criminals, the increased value of identity data, and retailers’ lack of updated and robust fraud prevention technology.

However, there are a number of ways online retailers can protect themselves against fraudulent transactions, including updating their fraud prevention technology, ensuring consumers who sign up for an account are legitimate shoppers, differentiating their fraud prevention strategies for desktop and mobile devices, and ensuring their vendor partners have the necessary security measures in place.

The fraud problem is twofold and cyclical. When a retailer suffers a data breach, shopper data is compromised. Then, with the increase in compromised records, criminals can make online purchases with legitimate credit card information and “identities,” which makes it harder for retailers to distinguish good customers from criminals. So a data breach, in addition to hurting the breached retailer’s reputation, potentially harms all retailers.

Since 2003, 9.73 billion records have been lost or stolen, according to data security vendor Gemalto’s Breach Level Index. That means nearly everyone has been affected by a breach. As Don Bush, vice president of marketing at fraud prevention services provider Kount likes to put it: “If you have three credit cards in your wallet, two of them have been compromised.”

In the last year, both the number of merchants reporting fraud attempts on their sites, and the number of consumers reporting that they were a victim of identity theft rose. These issues are bound to get worse with the growth of data and new devices, says Mike Gross, head of global fraud and identity product innovation at Experian, an information services vendor.

“It’s unfortunately been a very public phenomenon where nearly every quarter, a new massive breach is announced, sending consumers scrambling to protect their personal information while businesses layer additional authentication and fraud controls to limit the damage from more data leakage,” he says.

For example, in the Adidas breach, criminals stole the contact information, usernames and encrypted passwords of potentially several million consumers who made a purchase on In the Macy’s data security breach, criminals accessed credit and debit card information, names and birthdays of “a small number” of and customers between April 26 and June 12, the retailer says.

Criminals have two main ways to use the stolen credit card data: they can go shopping or they can sell the stolen data—the birthdays, email addresses and shopping behavior—which can enable criminals to assume a consumer’s identity.

“Data is becoming more valuable than cash or credit cards,” says Monica Eaton-Cardone, founder and chief operating officer of chargeback remediation and loss recovery vendor Chargebacks911.

One in five U.S. online households has experienced an online security breach, identity theft or a similar crime during…

To get immediate access to the rest of this article, sign up for a free Strategy Membership using the Join for Free button below. If you’re already a member, please sign in.

Want to read more? Unlock Free Strategy Membership