A breach in personal data security. These words invoke fear and dread in consumers today. Just how secure is a consumer's private information? The recent security breaches at several large financial institutions and credit card processing companies have not helped to ease the uncertainty and concern.
According to a recent study, approximately 9.3 million Americans had their identity stolen last year. While that's still a relatively small percentage of the population, identity theft is rapidly growing. Even more frightening is the amount of sensitive personal data stored in the marketplace today - and potentially accessible to criminals.
Consumers can - and should - take precautions to protect their sensitive information, including limiting use of their Social Security number, tearing up credit card solicitations and using unique, hard-to-guess passwords for online accounts. But with being in the transaction processing industry, you have a leg up when it comes to data security and protecting personal information.
The big issue really isn't about consumers properly securing their own data. Rather, it's a much larger issue surrounding other people who may have data access - the issue of trust. How can consumers really be sure that their data is being protected when in the hands of a third party?
The average consumer - with little working knowledge of the transaction processing industry - probably doesn't have a clue. They must rely on the word of the company that their information is secure, and, as was the case with CardSystems, that might not be good enough. In the past year alone, there have been no fewer than five security breaches at large companies, compromising over 45 million accounts.
What may be more surprising to consumers is that the majority of security breaches are not malicious in intent. Three of the above mentioned security breaches this year occurred at Citigroup, Ameritrade and Bank of America and each company had the modern-day version of "the dog ate my homework" explanation: essentially, backup tapes, containing sensitive information such as account numbers and Social Security numbers, fell off the back of a truck or a plane while in transit to another location. It's well-known that CardSystems' and ChoicePoint's high-profile breaches did involve fraud, but all things considered, secure information is most likely to be exposed unintentionally, often through human error.
Regardless of how it happens or the intent behind it, exposed private information is compromised and at a heightened risk for fraud. And consumers are taking action. Nearly 23 million Americans have received a notice from a company saying that their information has been lost within the past year, according to a nationwide tally taken by The Ponemon Institute. Of those surveyed nearly 20 percent had discontinued their relationship with the offending company, and another 40 percent indicated that they were considering doing the same thing. The potential economic fallout for companies involved in security breaches is enormous.
The best way for companies to prevent security breaches is to take measures internally to better secure consumer data. Diligent self regulation and implementing stricter standards for your own company will go a long way in terms of regaining customer trust and loyalty - and may even give you an edge on the competition.
Secure sensitive consumer data, by:
Encrypting the data to scramble the information, keeping personal data confidential during transfers.
Automatically notifying customers when a breach happens that could potentially compromise the security of their personal data. A step beyond this would be to call each of the affected customers, notifying them of the breach and ensuring that they understand the implications and providing them with the next steps to take.
Providing better, more secure transport for any data that is being transferred from one location to another.
Correcting unhealthy data practices. Many companies - both inside and outside the transaction processing industry - put sensitive data at risk by transferring files over the Internet via e-mail, storing private information on laptops or placing the information on CDs, which can be mishandled, copied or lost.
Not using Social Security numbers as the identifying numbers for clients.
Some companies are stepping up security. Visa U.S.A. recently announced plans to implement $200 million worth of anti-fraud measures, and is toying with the idea of providing incentives for merchants and financial institutions to beef up their security measures. MasterCard also has announced its intention to develop and implement anti-fraud practices.
In addition, Alpharetta-based ChoicePoint is implementing anti-fraud measures, including masking Social Security numbers in reports, and subjecting clients, who have access to private information, to increased audits and site visits.
Equifax Inc., Experian and TransUnion, LLC, the three top credit-reporting agencies in the U.S., also have announced new security measures. They are working together to develop new, stronger encryption methods for sensitive consumer data using encrypted algorithms and 128-bit secret key technologies.
The problem may get worse before it gets better - but with attention, diligence and transaction processing companies leading the way, hopefully consumers can soon feel confident that their private information will remain secure and confidential while in the hands of third parties.
©2005