“Don’t worry, our customers are protected.”
That’s often the first line in the press release from a large retailer after a data breach.
As a public relations countermeasure to a compromised database, the penetrated entity immediately announces that it has purchased, at no charge to the customer, one year of an identity theft protection program.
Consumers think, “Great, I feel a little better.”
Intending to soften the blow, the target of the breach has just announced to the perpetrators when it will be safe to start using the stolen data.
Big fat open secrets
Consequently, 13 months or so after the breach, when most consumers fail to renew the service due to the perception that the threat has passed, the fraudsters start to work.
Bam, fraud begins to emerge inside the financial lives of unsuspecting customers.
That’s just the beginning of the gift that keeps on giving, when a retailer blows it.
Reissuing cards can be an expensive endeavor in response to a massive breach. To make matters worse, the company responsible for the breach is not responsible to the financial institution for the cost of replacing the cards or for the additional expenses incurred to identify and monitor the compromised cards.
On the flip side, card processors unapologetically generate a great deal of revenue from events such as the Target and Home Depot compromises.
So, one could ask the question, how effective are the fraud monitoring systems in detection after the fact? Can they truly intercept and stop fraud? Or just alert you that something is going on with your cards? Do their systems act immediately? Or wait for human intervention?
What happens next?
As data breaches continue to increase, financial institutions have developed new techniques to reduce fraud-fighting costs and to delay or eliminate massive card reissue programs, but they have limits.
Where do we go from here?
First of all, in light of today’s virtual and ongoing threats, nobody should go without identity theft monitoring.
Period. No one!
Consumers who conduct business on the internet using personal financial information and do not have identity theft protection are running stark naked in a cold wind!
This is a very dangerous scenario that could lead to severe and adverse consequences.
Furthermore, financial institutions need to amp up their game in fraud monitoring and most certainly keep a calendar of breaches, ID insurance announcements, and expiration dates of these programs. As an early warning measure against a resurgence of fraud on compromised accounts, financial institutions should be ever watchful, specifically as these programs begin to expire, to protect their customers and their institutions.
With the internet, even though your doors are locked, your institution is always open!
Fraud monitoring resources should be operating under a 7 X 24 X 365 scenario. Fraud monitoring and response teams need to work to the same schedule and be watchful continuously.
Vigilance needs to be virtual and continuous, not just Monday through Friday!
Finally, criminals make it their business to know when you are not paying attention. Do you? Perhaps it’s time for you to renew your fraud fighting program!