Fraud and ID Theft Go Hand in Hand2011 Will Force Banks to Shift Thinking, Protect Consumers
As Adam Dolby of Gemalto North America puts it, going forward we have to "shift" the way we think about fraud prevention. "What it requires is a bit of a shift in thinking, from both security companies as well as financial institutions," Dolby says.
And here's another shift in thinking industries from financial services to healthcare have to embrace: Most fraud is linked to identity theft, a growing trend that adversely affects everyone.
It's clear we're at a fraud tipping point in the U.S., and banking institutions know it.
We've written quite a bit over the last several months about identity theft and identity theft prevention. In fact, we conducted several interviews with ID theft victims themselves, and to hear their stories about drained bank accounts, lingering fraud battles and personal hardships is eye-opening.
We should all get perspective from the victims more often. Their stories clearly prove current steps taken to prevent fraud are not working.
Mari Frank, an attorney who specializes in fighting for the rights of ID theft victims, and an ID theft victim herself, says financial institutions, as lenders, are responsible for protecting their customers from compromise, especially where Social Security numbers are concerned. Institutions need to be vigilant about updating systems, educating employees and ensuring they don't store sensitive identifiers in places or databases that can be easily accessed or hacked.
"The Social Security number is the key to the kingdom of almost every type of identity theft," Frank says. "It's the key to medical-benefit theft, government-benefit theft, you name it."
Auditing systems and updating databases to ensure no sensitive or unnecessary information is being stored in dusty places are steps recommended by attorney and privacy expert Kirk Nahra.
"We have to look at what companies can do to protect against risks from outsiders, and we have to look at what companies can do to police their own workforce," Nahra says. It all goes back to better controls: "limiting where you have the information, how you use the information and not giving out information unless it is absolutely necessary."
It's clear we're at a fraud tipping point in the U.S., and banking institutions know it. Results from our Faces of Fraud survey, conducted in the fall, prove that.
Our survey finds that most institutions still struggle to curb fraud, and far too many -- 76 percent -- rely on customers to notify them when fraud occurs. That's not a good practice. Banks and credit unions need to be the experts. Besides, we need to figure out how to fill the gaps, so the attacks don't slip in through the cracks to begin with.
According to the Identity Theft Resource Center, malicious attacks still account for more security breaches than do human error. In 2010, hacking accounted for 17.1 percent of the 662 database breaches reported by the ITRC across industries. Insider theft accounted for 15.4 percent. And that number and those percentages are likely low, since victim-breach notification is not required in every state or by every industry.
Financial institutions are at the center of all of this, since hacked databases most often lead to compromised personal information and identity theft. And what do fraudsters do with stolen identities? They create aliases and falsified documents that allow them to open bank accounts, apply for loans and credit, take out mortgages.
How will the industry respond in 2011? You tell me.