I do however understand the difficulty and the feeling of helplessness the customer might feel but recognise that it is shared by the business. Once the data is gone, it is out of the bounds of the company's control too.
While that doesn't mean throw up your hands and give in, doing what you might, like changing the customer's cards etc., may help a bit and at least show the customer that you're trying. Of course the data is out there and unless you are a Credit Agency there's little you can do to mitigate potential fraud for your betrayed and exposed customer.
I do believe that the way some businesses go about things is probably the biggest waste of money in history and will be looked back upon as the dark days of technology where snake oil and misrepresentation abounded. Many security 'providers' belong up there with nickel and dime western authors from the turn of the previous century.
One of the original and real leaders of security on the internet, Eugene Kaspersky, recently called for an 'internet passport' because even he sees that battleground all but lost to the attacking hordes.
With the technology available today to help mitigate data breaches, companies should be doing more to protect their customers. Too often companies spend less on protecting customer personal identifying information than they would if they actually had a breach.
For that very reason, many decide to hold off, feeling that "it won't happen to them" and therefore the risk is low, so why bother. With, as you say, "the average U.S. identity fraud victim will spend 30 hours and $496 out-of-pocket costs to restore their affairs," we should not tolerate data breaches any longer.
GLBA, HIPAA and PCI compliance mandates have been around for quite a while. Yet, we still have companies using "cheap and free" technologies that are known to be risky to data breaches.
The average person does not understand how computers and data networks work and how data gets passed around company to company so as to make commerce flow, so relying on the consumer to understand it and help stop it is not going to happen. With mobile transactions growing, the problem will only get worse if companies don't get serious about protecting data.
Therefore, while we all need to be aware of identity theft, and try to protect ourselves, it is really up to the corporate world to put the customer first and start really getting serious about protecting our data.