29 June 2017
visit www.finastra.com

Financial institutions have lost battle to protect customer data - TowerGroup

16 June 2009  |  9419 views  |  1 safelock

US financial services firms have lost the battle to protect the personal information of customers and must now assume that all their clients' data has been, or will be, compromised, according to TowerGroup.

The research firm says that despite significant media attention, increased state legislative demands, negative customer reaction and substantial costs associated with consumer data loss, millions of customer data records continue to be lost or stolen every month.

Over 100 data breach incidents containing millions of data records were reported in just the first four months of 2009.

Financial institutions must now assume that all of their clients' and prospects' personal information has been compromised or will be, says George Tubin, senior research director, financial information security, TowerGroup.

"While greater access to customer data is key for businesses to improve customer relationship management and business processes, there will always be repercussions, including the possibility of personal data landing in the hands of the wrong parties," he says.

According to a recent study from Verizon, hackers stole 285 million electronic records in 2008, more than in the previous four years combined, with the vast majority of breaches targeting the financial services industry.

Massive breaches involving Heartland Payment Systems, RBS Worldpay, Checkfree and BNY Mellon Shareowner Services have been reported over the last year.

TowerGroup says government regulators need to implement meaningful data breach prevention requirements and penalties that compel businesses to actually protect information.

The firm says that until legislative and regulatory bodies implement these penalties, data loss incidents will persist and worsen. Highly effective and usable data loss prevention practices and technologies are readily available to businesses but are "grossly underutilised", says TowerGroup's Tubin.

Meanwhile, companies should assume that traditional account information such as name, address, date of birth and account balance are useless as authentication factors. Instead they should consider using knowledge-based authentication and one-time passwords delivered via SMS.

Comments: (1)

A Finextra member
A Finextra member | 16 June, 2009, 15:26

Government regulators to implement requirements and penalties?

When government steps in, it usually means that there is not enough competition in the industry.

...will be on the lookout and welcome this government intervention which might just help companies that do offer the best security solutions that will eliminate fraud.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Heartland to fight MasterCard data breach fine

Heartland to fight MasterCard data breach fine

12 May 2009  |  11056 views  |  0 comments
Hackers steal 285m electronic records in 2008 - Verizon

Hackers steal 285m electronic records in 2008 - Verizon

15 April 2009  |  12623 views  |  0 comments
Financial fraud hit 7.5% of Americans in 2008 - Gartner

Financial fraud hit 7.5% of Americans in 2008 - Gartner

04 March 2009  |  11829 views  |  0 comments
US payment processor Heartland reports massive data breach

US payment processor Heartland reports massive data breach

21 January 2009  |  15552 views  |  1 comments
US financial institutions hit by 78 reported data breaches last year

US financial institutions hit by 78 reported data breaches last year

15 January 2009  |  9550 views  |  0 comments
CheckFree warns five million customers of hack attack

CheckFree warns five million customers of hack attack

07 January 2009  |  9496 views  |  0 comments
Wells Fargo hit by data breach

Wells Fargo hit by data breach

12 August 2008  |  15727 views  |  0 comments
Bank of New York Mellon breach hits 4.5m customers

Bank of New York Mellon breach hits 4.5m customers

22 May 2008  |  56682 views  |  0 comments
TJX breach gets bigger with 94 million card numbers exposed

TJX breach gets bigger with 94 million card numbers exposed

25 October 2007  |  9538 views  |  0 comments
Hack attack hits 300 banks

Hack attack hits 300 banks

02 June 2006  |  11219 views  |  0 comments
visit www.events.sap.comvisit wavestone-advisors.co.ukvisit vasco.com/news/PSD2-compliant-solutions

Top topics

Most viewed Most shared
HSBC hires Biggs to lead business model innovationHSBC hires Biggs to lead business model in...
9776 views comments | 16 tweets | 18 linkedin
ABN Amro tests wearable tech for contactless paymentsABN Amro tests wearable tech for contactle...
9268 views comments | 10 tweets | 6 linkedin
Mastercard eyes opportunities to profit from sharing economyMastercard eyes opportunities to profit fr...
7871 views comments | 6 tweets | 6 linkedin
Body blow for PayKey as Apple orders Westpac off its turfBody blow for PayKey as Apple orders Westp...
7443 views comments | 12 tweets | 14 linkedin
BBVA trains 1000 'ambassadors of design'BBVA trains 1000 'ambassadors of design'
6997 views comments | 15 tweets | 14 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job