Ask the Experts: Assessing the Cost of Security Breaches
High-stakes hacking has been a major theme for American businesses in 2014. The recent wave of data breaches at popular retailers has made consumers more aware — and warier — of the very real threat that their sensitive financial information could slip easily into criminal hands.
In the past year-plus, hackers have infiltrated the payment systems of several big-name retailers — the most notable of which include Target in late 2013 and most recently Home Depot — accessing credit and debit card data for more than 100 million consumers. Other recognizable names that suffered breaches on a lesser scale include Neiman Marcus, P.F. Chang’s, Michaels and Supervalu.
Financial Information Insecurity
Although much of the shock associated with data breaches has worn off as consumers return to previously hacked retailers, which, along with financial institutions, are responding with beefed-up security measures, many still wonder how safe their financial information is and whether these emerging threats will eventually bring a cost to their own wallets.
“Perfect security is a myth,” said Mike Whitman, Director of the Center for Information Security Education at Kennesaw State University.
All of the security experts WalletHub consulted agreed. “No enterprise is 100 percent immune to data breaches,” said Amos Olagunju, a professor of computer science and information technology at St. Cloud State University. “All enterprises ought to have operationally defined security policies and procedures,” a lack of which was exactly what led to the Target and other breaches.
Experts also acknowledged that the retailer attacks during the past holiday shopping season showed an advanced level of technical ability. With hackers constantly learning how to bypass security, businesses will need to keep up with system upgrades, which come with costs that typically get passed on to consumers in the form of higher prices for goods and services.
But consumers needn’t worry too much. They don’t have to concern themselves with any unauthorized transactions that hackers rack up on their accounts, as credit cards — and to a lesser extent, debit cards — guarantee zero liability for such charges. Provided that consumers also apply common-sense safeguards to their financial information, such as changing login credentials on a regular basis or downloading antivirus software for their computers, identity theft shouldn’t be too big of a problem.
Looking to the Future
In the wake of the breaches, retailers, financial institutions and the federal government have kept busy beefing up security measures. Businesses have implemented improved encryption systems, set up call centers and employed credit-monitoring services — significant unbudgeted expenses costing tens of millions of dollars but offset by insurance reimbursements for those who were hacked.
Card issuers such as J.P. Morgan Chase and Capital One, which shoulder the heaviest burden of protecting consumers, responded initially to the breaches by reissuing cards and have also continuously monitored customers’ accounts for any signs of fraud and identity theft, the fastest-growing crime in America.
The most sweeping action, however, came from the White House. On Oct. 17, President Obama signed an Executive Order for the BuySecure Initiative to speed up the transition to more sophisticated payment technologies, prevent identity theft and discuss best cybersecurity practices with stakeholders.
By January 2015, a raft of policy changes will be implemented, including a switch to microchip and PIN technology and the enabling of payment terminals that accept it. The federal government, Wal-Mart, Walgreens, and of course Home Depot and Target will be participating in the national effort. But credit card networks, including American Express, MasterCard and Visa, are the powers fueling the transformation.
Recently, many banks have also begun experimenting with more sophisticated ATM technology, such as fingerprint account access and advanced software protection. This is in response to a forthcoming shift in tactics among financial criminals, according to Wade Chumney, assistant professor of business ethics and law at Georgia Tech University.
“In the future it is likely that attacks may focus more on the software that runs the ATM, as this provides greater potential rewards for the thief, and potentially less risk,” he said. “While future security will still focus on physical attacks, by implementing new hardened designs, they will also feature security that is less obvious to the user, as in the software utilized to run the device.”
However strong a fight merchants and banks put up against cybercriminals — through encryption, credit monitoring or advanced hardware — their efforts face new obstacles every day. Policy hurdles must be overcome, consensus among industry stakeholders must be achieved and technology that outpaces rapidly evolving criminal endeavors must be innovated. “The protection of personal information calls for joint efforts from consumers, corporations and government,” Olagunju said. “All have a role to play in ensuring data protection.”
Ask the Experts
- What are the lasting lessons from the recent string of high-profile data breaches?
- What needs to be done to ensure that our personal information is better protected in the future?