2017 was a record-breaking year for data breaches, and the financial world is staggering from the hundreds of high profile breaches that put acquiring institutions on the line.
Statistica’s 12-year data breach graph highlights a sobering trend. Data thieves are getting much better at stealing information and companies are not showing a commensurate growth in security capabilities. These breaches aren’t just causing the loss of non-sensitive data but of highly sensitive information ranging from Social Security Numbers to Drivers License numbers and a host of other personally identifiable information (PII).
One specific data breach had a disproportionate effect amongst the 1,600 data breaches from 2017; KYC or Know Your Customer. According to risk expert, Deana Rich of Rich Consulting,
“independent sales organizations should be especially concerned with breaches related to credit card data and stolen PII.
It doesn’t take much effort for a criminal to open an account in someone else’s name once social security numbers, birth dates, and other PII’s are stolen. Secure Identity Systems works with hundreds of banks across America and in our experience with financial institutions, most small acquirers considered themselves to be immune to data breach risks. The 2017 data breaches changed that sentiment for these institutions. Personally identifiable information is incredibly important to protect, and regardless of whether or not an institution manages sensitive credit card information, acquirers should be very careful in their management of customer information.
The Lesson From the KYC Breach
Increased technology is not just a luxury, but a necessity in 2018. Undoubtedly, the KYC breach teaches us many lessons. The 2018 MWAA Conference will cover some of these lessons and the importance of defensive proactive technological steps that companies like KYC should take in response to the staggering increase in data breaches. Brett Johnson, a security consultant and speaker at the MWAA conference this year pointed out that organization-wide education goes a long way toward mitigating false account creation and data breaches. “Teach security from the ground up, from the person sweeping the floor to the person cashing the checks,”
Companies that are proactive institute KYB (Know Your Business) reviews at the time of account creation and periodically review throughout the relationship. Other companies let their KYB oversight fall by the wayside in their struggle to keep up with the fast-moving industry. But following the major consumer data breaches in 2017, strong KYC and KYB processes are more imperative than ever.
The MWAA conference will provide access to some of the leading minds on these issues, and you’ll learn what cybersecurity looks like from
both the criminal and defense sides. We recommend you attend or follow the security experts in order to avoid a data breach and protect your customers from feeling the full brunt of a breach, like KYC, Equifax, Yahoo, Target (the list goes on).
We discuss in our white paper, some of the potential responses institutions can make with the help of Secure Identity in our white paper.
Another great resource (gated content) is from IBM. We highly recommend that consumers and financial institutions read their “Cost of Data Breach” study to get additional insights into the effects of data thieves. For consumers, we recommend that you read our Step by Step guide to Responding to Data Breaches. You can’t always avoid savvy criminals, but there is a lot an individual and a company can do in order to minimize damage and maximize recovery.
RESOURCE: How the Data Breaches of 2017 Changed the Security Landscape for Acquirers: Sponsored by Discover Global Network