Blog article
See all stories »

Data breaches and fraud-worse than you think

Today newly released Javelin research shows that the 11% of US people who received one of those "throw-away" data breach notification letters really *are* at greater risk of ID fraud. Experts: if you're not surprised, than you know something that over 300 million Americans don't: our research also shows that actual fraud victims who received a data breach letter are very unlikely to attribute their crime to the data exposure. Bottom line, we've got an indisputable correlation between losses and fraudulent transactions, and yet people are walking around oblivious to their risk. 


Consumer education is so challenging, and when data is crystal-clear the ramifications needs to be shouted out. 


Over one in ten U.S. people received a data breach letter within each of the past three years. Those people are well over four times as likely to become a victim of a fraudulent transaction, which may include new or existing accounts. Identity fraud added up to U.S. $48B on the face last year, not counting systems, staff the costs to replace lost merchandise and customers, and our review of other global markets shows high figures elsewhere. The average U.S. identity fraud victim will spend 30 hours and $496 out-of-pocket costs to restore their affairs, merchants and financial providers will spend billions to protect systems and brands, and law enforcement will spend everyone’s money to chase the bad guys. 


Please help get the word out: consumers must stop taking data breaches lightly, and companies must work hard to protect those that have been notified. 


Comments: (2)

A Finextra member
A Finextra member 27 October, 2009, 23:36Be the first to give this comment the thumbs up 0 likes

Hear hear!

I do however understand the difficulty and the feeling of helplessness the customer might feel but recognise that it is shared by the business. Once the data is gone, it is out of the bounds of the company's control too.

While that doesn't mean throw up your hands and give in, doing what you might, like changing the customers cards etc may help a bit and at least show the customer that you're trying. Of course the data is out there and unles you are a Credit Agency there's little you can do to mitigate potential fraud for your betrayed and exposed customer.

I do believe that the way some businesses go about things is probably the biggest waste of money in and history will be looked back upon as the dark days of technology where snake oil and misrepresentation abounded. Many security 'providers' belong up there with nickel and dime western authors from the turn of the previous century.

One of the original and real leaders of security on the internet Eugene  Kaspersky recently called for an 'internet passport' because even he sees that battleground all but lost to the attacking hordes.

A Finextra member
A Finextra member 02 November, 2009, 17:28Be the first to give this comment the thumbs up 0 likes

With the technology available today to help mitigate data breeches, companies should be doing more to protect their customers. Too often companies spend less on protecting customer personal identiying information, than they would if they actually had a breech. For that very reason, many decide to hold off, feeling that "it won't happen to them" and therefore the risk is low, so why bother.  With as you say, "the average U.S. identity fraud victim will spend 30 hours and $496 out-of-pocket costs to restore their affairs," we should not tolerate data breeches any longer.

GLBA, HIPAA and PCI compliance mandates have been around for quite a while.  Yet, we still have companies using "cheap and free" technologies that are known to be risky to data breeches.

The average person does not understand how computers and data networks work and how data gets passed around company to company so as to make commerce flow, so relying on the consumer to understand it and help stop it is not going to happen. With mobile transactions growing the problem will only get worse, if companies don't get serious about protecting data.

Therefore, while we all need to be aware of identity theft, and try to protect ourselves, it is really up to the corporate world to put the customer first and start really getting serious about protecting our data.


Now hiring