Banking Exchange Magazine Logo

Warning: It’s time to renew!

(Memo to crooks: Open season on old victims begins in month 13.)

Obvious and mediocre won’t be found here—but “Why didn’t I think of that?” will! Challenging the banking status quo is Dan “The Wombat” Fisher’s personal mission. Obvious and mediocre won’t be found here—but “Why didn’t I think of that?” will! Challenging the banking status quo is Dan “The Wombat” Fisher’s personal mission.

“Don’t worry, our customers are protected.”

That’s often the first line in the press release from a large retailer after a data breach.

As a public relations countermeasure to a compromised database, the penetrated entity immediately announces that it has purchased, at no charge to the customer, one year of Identity Theft Protection program.

Consumers think, “Great, I feel a little better.”

Intending to soften the blow, the target of the breach has just announced to the perpetrators when it will be safe to start using the stolen data.

Big fat open secrets

Consequently, 13 months or so after the breach, when most consumers fail to renew the service due to the perception that the threat has passed, the fraudsters start to work.

Bam, fraud begins to emerge inside the financial lives of the unsuspecting customer.

That’s just the beginning of the gift that keeps on giving, when a retailer blows it.

Reissuing cards can be an expensive endeavor in response to a massive breach. To make matters worse, the company responsible for the breach is not responsible to the financial institution for the cost of replacing the cards nor the additional expenses incurred to identify and monitor the comprised cards.

On the flip side, card processors unapologetically generate a great deal of revenue from events such as the Target and Home Depot compromises.

So, one could ask the question, how effective are the fraud monitoring systems in detection after the fact? Can they truly intercept and stop fraud? Or just alert you that something is going on with your cards? Do their systems act immediately? Or wait for human intervention?

What happens next?

As the increase in data breaches continue, financial institutions have developed new techniques to reduce fraud-fighting costs and in an effort to delay or eliminate massive card reissue programs, but they have limits.

Where do we go from here?

First of all, in light of today’s virtual and ongoing threats, nobody should go without identify theft monitoring.

Period. No one!

Consumers conducting business on the internet using personal financial information that do not have identify theft protection are running stark naked in a cold wind!

This is a very dangerous scenario that could lead to severe and adverse consequences.

Furthermore, financial institutions need to amp up their game in fraud monitoring and most certainly keep a calendar of breaches, ID insurance announcements, and expiration dates of these programs. As an early warning measure to a resurgence of fraud on compromised accounts financial institutions should be ever watchful, specifically as these programs begin to expire, to protect their customers and their institutions.

With the internet, even though your doors are locked, your institution is always open!

Fraud monitoring resources should be operating under a 7 X 24 X 365 scenario. Fraud monitoring and response teams need to emulate this understanding and be watchful continuously.

Vigilance needs to be virtual and continuous, not just Monday thru Friday!

Finally, criminals make it their business to know when you are not paying attention. Do you? Perhaps it’s time for you to renew your fraud fighting program!

—The Wombat!

Dan Fisher

Dan Fisher is president and CEO of The Copper River Group, a consulting firm headquartered in Fargo, N. D., that focuses on technology and payment systems research and consulting for community financial institutions. For nearly 30 years, Fisher has worked in the financial industry using technology to improve the bottom line. He was CIO of Community First Bankshares (now part of Bank of the West), has served as a director of the Federal Reserve Board of Minneapolis, the chairman of the American Bankers Association Payment Systems Committee, and was a member of the Independent Community Bankers of America Payments Committee. Fisher has written numerous articles on banking technology and the payments system. He has authored or co-authored six books and recently published a book titled, "Capturing Your Customer! The New Technology of Remote Deposit." You can contact Fisher at [email protected] or at 701-293-6222.
P.S. To understand Dan's nickname, check out "About the Wombat" on his website.       

back to top


About Us

Connect With Us