Guest Perspective: The Future of Data Breaches
By Michael Hagen, CEO, IDchecker
With the recent resignation of Target CEO Gregg Steinhafel, the story of the Target breach will probably soon fade away into darkness. Target will likely implement new anti-fraud services and spend millions of dollars on both hardware and software. I would say it will take a few years for customers to fully regain trust in the company, which will always be associated with “the big data breach” even though a third-party vendor was responsible for the data compromises.
Will these measures prevent it from happening again? I don’t believe they will. This is not an article about Target; nor is Target the latest victim in a never-ending series of attacks aimed at separating customers from their hard-earned money. The fact of the matter is, attackers will always find their way into systems that offer a high enough reward—they will devote the resources to make it happen. One look at the anatomy of the attack on Target and you can see how determined the attackers are to make things work to their advantage.
With e-commerce growing year after year, breaches like this will happen more often. The public is aware of data breaches, yet at the moment there is little they can do to prevent them. Merchants ask their customers for all sorts of data and store it behind their own firewalls. They often think: the more data we have on our customers, the more value we create. This might be true on one hand; on the other, however, they become valuable targets for fraudsters and hackers.
CardHub provides a fantastic all-in-one resource for fraud statistics, and I’d like to highlight some points:
- Credit card and debit card fraud resulted in losses amounting to $11.27 billion during 2012.
- In 2012, the U.S. accounted for 47.3 percent of the worldwide payment-card fraud losses, but generated only 23.5 percent of total volume.
- Retailers incur $580.5 million in debit card fraud losses, and spend $6.47 billion annually on credit- and debit-card fraud prevention.
$6.47 billion is spent annually on fraud prevention and yet annual losses amount to $11.27 billion. This adds up to a cost of approximately $18 billion, which makes me wonder if it is even worth storing personal data behind firewalls in this way. Perhaps we could store only the most necessary information, from a legal and compliance point of view, behind our firewalls? I believe this could be the way of the future.
Currently, there are a number of initiatives taking place that are considering alternative ways to identify and register customers. The U.S. government is funding projects and initiatives that will enable E-IDs for citizens to interact with government bodies and merchants. The EU and India are working on implementing similar frameworks. Governments themselves do not operate these initiatives. They are all run by third-party providers, of which there are many to choose from.
What would such a process look like?
The consumer registers himself or herself at a Trusted Third Party (TTP) and gives the TTP all their relevant data. This may be personal details such as name, address, DOB, and any financial information such as credit-card details, etc. The consumer will then create a profile instructing the TTP which information they agree to share and with whom, giving the consumer control over their shared information.
In my opinion, we as consumers need to take these initiatives seriously. This is the first step in protecting ourselves online in that it enables us to take control of our data. It will allow us to reduce the number of data breaches, since there is no stored personal data on the merchant side. It will significantly lower the amount of money that merchants are now spending on fraud prevention as well as lower the costs of credit- and debit-card fraud. In an ideal world, the money that merchants save will flow back to the consumer and this will be reflected in lower prices for all.
Michael Hagen is the founder and CEO of IDchecker, an international ID document verification company that is considered a market leader in the U.S. and Europe. IDchecker launched in 2004 as an automated service for HR and employment agencies, and Hagen shepherded it into the global market for online identity verification. The company has grown in Europe and North America and the product line has been expanded to offer solutions for any business facing domestic and international ID document validation.