Data Breaches and Your Customers
It seems that every day lately there are reports of a new hack against a major company – from Sony to Lockhead Martin to Citibank. Over the last six years, there have been 288 publicly disclosed breaches at financial services companies that exposed at least 83 million customer records, according to the Identity Theft Resource Center. The Privacy Rights Clearinghouse reports 56 major breaches from hacking so far this year alone. The RSA Breach in March has elevated the interest of this issue but getting useful information means filtering the signal from the noise. Here’s a round-up of relevant stories on the breaches and their fall-out.
Token replacement could take 6-8 months and isn’t free for banks.
Token replacement looks like it could cost the banking industry between 50 and 100 million dollars
Citi’s breach looks to now have effected 360,000 instead of the 200,000 initially estimated.
Citi’s breach looks to have it’s origins in eastern Europe and the hackers weren’t impressed with Citi’s defenses.
Deloitte reports that of all nations, the United States has the most financial institutions that were still “catching up” on security.
Small banks are stuck between a rock and a hard place as many want to switch from their tokens but it will be too hard to diversify the technology.
Breach emphasizes relying on any one system too heavily is poor practice, according to Eve Maler, principal analyst at Forrester Research.
Federal Deposit Insurance Corporation Chairwoman to call on some banks to strengthen their authentication procedures when customers log onto online accounts.
Forrester finds many companies looking away from hard token solutions
Another 1.3 million users have their data stolen. Recommendations to change passwords.
Costs for mitigating risk of compromised tokens to fall heavily on consumer-focused businesses, banks and other financial organizations.
KuppingerCole recomends methods for guarding against social engineering and replacing compromised tokens as soon as possible.
“Not every breach results in a crime. But identity theft has ranked first among complaints to the Federal Trade Commission for 11 consecutive years, with 1.34 million in 2010, twice as many as the next category, which is debt collection.”
Breaches emphasize that relying on any one system too heavily is poor practice, according to Eve Maler, principal analyst at Forrester Research.
Gartner suggests companies with legacy tokens add additional security measures until they can be replaced.
Customers in industries not designated by RSA as being at high risk of attack – and to which RSA may not yet have reached out – will have to pay for new tokens.
Recommended For You
The CERCA Spring Conference, held on May 16, capped a broadly successful 2018 filing season that saw tax identity theft reduced by […]
Hackers. They steal and sell data, especially at the point of sale and during customer acquisition periods. No customer wants […]
Fraudulent account activity and identity fraud are both significant drains to today’s business resources. In the era of online and mobile commerce, […]
Fraudsters are a smart group. With each fraud prevention method that’s introduced, they figure out ways to work around it. […]