Time to slam data breaches
What are you going to do about it?
- |
- Written by Dan Fisher
- |
- Comments: DISQUS_COMMENTS
Copper River Group—my company—just published Data Breach Events And The U.S. Population. In the report we note that 70% of the country has been impacted by data breaches during the last 16 months.
This number is not going down, with the Anthem breach being one of the most recent revelations.
There is no doubt that corporate America, retailers, and healthcare providers in addition to institutions of higher learning do not understand their responsibility when it comes to protecting the data that we entrust them with.
Where does the buck stop?
The system is flawed because it lacks accountability.
Yes, executives at Target have lost their jobs due to the breach. But so have thousands of employees and the stock has tanked.
But what about the consumer?
March 3, Target proposed a $10 million settlement pool for individuals that who lost money as a result of the company’s data breach. The proposal awaits court approval and requires consumers to prove their losses and apply for a reimbursement.
How ridiculous is that!
Let’s just think of the worry this event has caused consumers. In my opinion, $10 million hardly amounts to accountability. Furthermore, financial institutions should be reimbursed for the cost of card re-issues. Where is that in the settlement?
I am certain, if the cost of accountability was significantly increased, the executive suite in these businesses would start paying attention to technology and related risks. The costs that consumers and the financial industry incur as a result of these obviously negligent actions are growing unabated. On the surface, little change in behavior or attitude can be detected.
Accountability grows critical
The cold reality is that the industry must reform, starting at the card brands. VISA and MasterCard must implement greater accountability at the corporate level with stronger data protection standards at the merchant or acquirer levels.
In essence, stronger security controls are absolutely necessary and corporate America needs to start taking this situation seriously.
Breaches or failure to implement a mandated standard must be met with swift repercussions in the form of new restrictions; reimbursement of costs to financial institutions; fines; and even revocation of merchant or acquirer processing.
That’s right: “Cash and Check Only,” because your card option has just been revoked!
Businesses need to demonstrate on a regular basis that they are complying with the security standards and are constantly upgrading systems.
The risk is if the industry does not do something soon, Congress will!
ID theft must also be solved
Even if the card brands step up and lead the way, that is only part of the problem. Identity theft is also growing and this can range from a single individual having their identity stolen to a large-scale breach resulting in thousands of identities stolen.
Financial institutions must step up their role in protecting customers and their identities by seeking out vendors that offer tools capable of scanning and monitoring customer transaction activity and alerting the institution in a 7 x 24 x 365 environment.
Response must be immediate, no matter when
Waiting until Monday or after the holiday (when criminals strike) is too late.
Vigilance and a rapid response is key to protecting your customer. Installing hardened systems that are always on guard with a support team behind the scenes that can act quickly is the new requirement of the virtual world. Nine to five Monday through Friday is no more.
Ultimately, the customer expects the financial institution to protect them, even if they have their data stolen from someplace else. Realistically, the financial institution is in the best position to know if something is going wrong. Taking a stand on the issue with protecting the customer is the only and right thing to do.
The Wombat!
Tagged under Risk Management, Blogs, Beyond the Bank, Cyberfraud/ID Theft,