Security Breach

I received a phone call this past weekend from Kate, my younger sister. She was fuming over her debit card being denied while she was at dinner. When she got home she checked her bank account online. Hmm, she thought –“everything is OK here.” So she called her credit card company only to find that they were closed for the rest of the weekend. She went the entire weekend without money or answers to what happened to her card.

 

Like so many of the people I know, debit/ ATM cards are a staple in their day-to-day life. Many I know believe that it eliminates the need for a credit card. It is more convenient - you rarely have to step foot in a bank.

 

This may seem odd to some, but to many it is a way of life. And, it is catching on. 

 

According to The Nielsen Report (via The Wall Street Journal’s article “Visa Warns of Data-Theft Risk for Customers” – subscription required) there has been a 17.8 percent increase in the number of transactions on Americans' debit cards.  2005 total US Visa and MasterCard debit card charges jumped to $827.09 billion, up 19.2 % from 2004.

 

Monday, Kate found a letter in her mailbox informing her that her debit card had been shut down due to a suspected security breach. The bank had not been informed by the credit card company of the breach, leaving most of their customers, including Kate, in dismay. The credit card company will have her new card within the next two weeks.

 

Turns out, Kate fell victim to one of the most recent security breaches, affecting an estimated 600,000 people.

 

A new report from Intersections Inc. entitled “2005: The Year of the Breach?" states that in 2005 at least 130 data breaches exposed the personal information of more than 55 million Americans.

The flurry of reported data breaches, driven in part by new security breach notification laws, is changing consumer perceptions and forcing companies to rethink how they communicate with and engage consumers on issues of privacy and security.

Well put. One year ago the thought of someone tapping into my personal information did not cross my mind. So, it leaves me to ask these questions: With the rate of technology impressively increasing each year, and the number of data breaches increasing with it, which will be victorious in the end? Our privacy and security or the thieves hunting for information? What does that mean for the relationship between businesses and consumers?

 

It will be interesting to see a year down the road...

 

 

 

Stolen Identities

Well, it finally happened to me.  My credit union called last Friday to ask if I had bought $860 worth of merchandise at a Chandler, Arizona, Wal-Mart the prior day.  I said no, I had never set foot in Chandler.  The credit union representative then asked if a second Visa charge at another Wal-Mart was legit.  Luckily, the bank put a hold on my card, and is now investigating.  But no one could explain my financial liability, only that I would soon receive a form in the mail.

What is scary is that I did not lose my credit card.  Someone accessed my number and created a phony card, signing it with a phony signature.  I am certainly not alone.  In the last year, 8.9 million American adults were victims of identity fraud.  These were individuals like me, who not only had their personal information stolen, but actually experienced fraud.  Identity theft is more serious – this occurs when someone opens up a new account in your name, creating a second false identity.  Is that next for me?

According to a recent IBM survey, one in seven Americans had their personal data or credit card information illegally accessed.  Companies have lost records of former employees, financial institutions have misplaced files containing account numbers, hospitals have posted patient records on the Internet, and state agencies have thrown away files with the names, dates of birth, and Social Security numbers of individuals clearly noted.  These cases may or may not include the situation that happened to me, where a criminal steals a credit card number and uses it to make a major purchase.

Consider these facts: 

• In 2005, there were 152 data breaches, potentially affecting 57.7 million consumers.
• Identity fraud cost U.S. victims $56.6 billion last year, according to the Javelin 2006 Identity Fraud Survey Report. That figure is up from $53.2 billion in 2003. The number of identity-fraud victims dropped, but the average fraud amount increased per victim to more than $6,000.
• In most cases, thieves accessed personal information the old-fashioned way, by stealing a wallet or checkbook, or by “dumpster diving” for thrown-away credit card receipts and phone bills. 
• Researchers interviewed 5,000 people by telephone, and found that nine out of ten data fraud incidents occur offline, not online.
• Almost half of all identity theft is committed by friends, neighbors, in-home employees, family members or relatives (in cases where the victim was able to identify the source of fraud).

In all of 2005, we saw a disturbing trend.  Half of all security incidents impacted colleges and universities.  Think about all of the paperwork you fill out when you attend college, and all of the detailed information you provide to the admissions office.  We’re talking not just name, date of birth, and address, but detailed financial information and bank account numbers.  Many of these college students could have credit problems for years. 

What is the message in the most recent survey data? 

• The number of fraud incidents in the United States is down from last year, but the overall dollar figure is up.  And remember that we are talking about savvy criminals.  They will find other ways to steal this data. 
• Using the Internet to manage your financial accounts is far safer than sending a check in the mail.  In fact, it is foolish to leave your Visa payment in your mailbox.  It is equally foolish to receive your bank statement in the mail, unless you have a mail box with a lock, or a drop slot in your front door.
• The group at highest risk for fraud includes those aged 35-44, the very people we assume are Internet savvy.

No one is immune, however, from children to the elderly, college students to soldiers.  And no industry is immune, including government agencies, hospitals, financial institutions, and utility companies.  And, of course, employees of public relations agencies.

Internet-a-phobia

A few months ago, I discovered an unwelcome guest on my home laptop: a pernicious piece of spyware called “Winfixer.”  Winfixer launches whenever I open Explorer on my computer, with popups that tell me that my computer is “not protected” and that I need to download the Winfixer program.  Closing the popup window brings up a second popup window that prompts me to start the download, and clicking on “cancel” at that point basically causes the download to start.  I tried removing Winfixer using “Add/Remove Programs,” which didn’t work.  Eventually, I just got accustomed to minimizing the Winfixer popup windows, but the whole experience was irritating and vaguely unsettling. What was the program and what was it doing to my computer? Finally, last night, I had had enough. I did a Google search on Winfixer, which led to a post on a Dell online forum with a link to a free program that supposedly eradicated the stubborn virus.  I ran it last night.  So far, so good – Winfixer appears to be gone. 

But this all leads me to a broader point: technology can be unsettling. Yes, the Internet is a wonderful thing – information at our fingertips, shopping from our living rooms, instant communications with far-flung friends, yadda yadda yadda.  That’s not newsworthy anymore. Yet what is interesting is the number of people who pass up all these great opportunities simply because they are uneasy.  According to an article in InfoWorld, 70% of Internet users will only use sites that display a security protection seal, while 64 percent will not conduct online transactions on a shared computer. 50 percent of users don't use public wireless networks, such as hotspots in airports or coffee shops, 38 percent don't bank online and 37 percent will not use credit card information online.

These numbers suggest that the potential of the Internet has been vastly compromised by people’s fears -- founded or not -- about what can happen to them if they shop online or using a public computer. And these fears are getting stronger: In the last 12 months, 18 percent of Internet users actually stopped paying bills online and 16 percent stopped playing online games.

And I haven't even touched on the Bush administration's recent efforts to get personal search records from Google...

I'm not sure what the answer to all of this is.  We live in a scary world, and there are no simple fixes.  I do know that I will probably keep using the Internet -- for shopping, for information, to stay in touch -- with the same frequency I use it now.  I am way too dependent on it, and way too grateful for the ways it has improved my life, Winfixer notwithstanding.

My Location is in the Public Domain

There are some innovations that straddle the line between unbelievable and… well, creepy. On my list right now:

Item #1: Google Earth. When it launched last year, I’ll admit I was one of the people who downloaded it immediately and spent the entire afternoon plugging in every address I could think of, fascinated by the fact that I could have a 3D image of anywhere in the world at a moments notice. (If you haven’t already checked it out, try it) There’s several blogs (here and here) dedicated to the latest and greatest on Google Earth, offering a constant stream of news and updates.  

 

 

 

However, an article highlighting international security concerns makes me think, in our increasingly transparent society, how much information is too much?

 

 

According to Vipin Gupta, a security analyst at Sandia National Laboratories in Albuquerque, “When you have multiple eyes in the sky, what you’re doing is creating a transparent globe where anyone can get basic information about anyone else. Times are changing, and the best thing to do is adapt to the advances in technology.

Interesting, but transparency in absolutely everything? I don't know that I should be able to locate every government building and military base in Uzbekistan- and the idea that I have access to such info doesn't leave me feel enlightened in New Persuasion thought... it scares me.   

Item #2: Cell phone advertising, specifically “I know where you are so I’m going to adjust your ad accordingly” cell phone advertising. A recent NY Times article (reg. required) touched on this up and coming technology. IamPowered says this about it :

Marketers said they were particularly excited about the prospect of eventually using cell phones, many of which are equipped with global positioning systems, to send ads to consumers based on their location. With that information, marketers could, in theory, send pitches from retailers to cell phone users who might be in the vicinity of a store.

Wow. While there are some benefits (AdPunch give you 12) it's hard to look past the ad overkill. I see your billboard. I hear your commercial. I minimize your pop-up. Instead of finding a way to stalk me using new technologies, make a product or service that is worth finding. Don't worry, if it's valuable to me, I'll find you.