Banks and consumers need teamwork on data breach prevention
After years as a researcher and courtroom expert witness in the country’s major data breach cases, one thing is clear to me: To consumers, data breaches are about as upsetting as the common cold.
As with the common cold, some data breach impacts are mild. But others should inspire coronavirus-level alarm because the consequences of exposure – in this case, identity fraud – can be significant, even devastating.
The ramifications of identity fraud will follow its millions of victims for the rest of their lives. Yet, when it comes to mitigating the harm, most people aren’t taking helpful protective measures, even when their financial institutions heavily invest to make consumer tools easily accessible.
Despite perceptions otherwise, we believe the problem doesn’t lie solely with the consumer – it lies with the approach. Both consumers and financial institutions must change the way they see the full picture of individual risk.
Just like a credit score provides insights into potential risk factors, so does an individual’s comprehensive data breach history. Based on what, how and where their personal information has been compromised, it’s possible to identify their most likely vulnerabilities using a machine learning algorithm. Armed with the information such an algorithm reveals, both financial institutions and consumers can take hyper-personalized, meaningful action that yields real results.
One obstacle to customer engagement in fraud detection and prevention is that too many voices are offering too much advice – some of it conflicting – about how to respond to data breaches. If consumers aren’t hearing a clear reason or prescription for action, why should they bother to fit yet another thing into their busy days?
Another obstacle to participating in preventative action is that consumer-facing advice is often overly general, such as “check your credit report” or “implement a credit freeze.” While such basic advice can be helpful in some situations, we think generic advice in many instances provides a false and dangerous peace of mind.
That’s because every data breach poses a unique pattern of risk to its victims. When consumers receive yet another data breach notification (and on average, there are four new breaches every day), no one is making the connection to the specific harms they could face, or the most helpful actions to take to avoid those harms.
For instance, victims of card breaches often receive credit-monitoring offers. While credit monitoring certainly isn’t a bad thing, it offers little in the way of actual protection because victims are only alerted after the fraud has happened. It adds almost nothing to the protections already in place by the card issuers and does little to point victims to the safeguards that actually do matter, like suspicious activity alerts or card controls.
The landscape of financial fraud is evolving and complex, but the message to consumers doesn’t have to be. In this era of “breach fatigue,” a clear and simple approach is best:
- Offer objective and credible information.
- Provide a clear way to understand the specific and personalized risks posed by a data breach.
- Tell consumers exactly which actions to take.
We believe the right prescription is protective tools that are easy to access through seamless integration with online and mobile banking. These tools should be highly personalized to the consumer and tailored to their unique breach history, and they should connect directly to the relevant action steps, preferably through a bank’s free account safety solutions.
To create consumer-facing tools that are both sticky and effective, the cure can’t be worse than the ailment. This is particularly relevant when trying to reach consumers who haven’t yet been impacted negatively, and thus aren’t sure why they should act now.
Fintech advances make this sophisticated strategy surprisingly easy to execute. The result could be to make data breach risk protection as simple and routine as covering mouths and washing hands.