Record data breaches in 2014 teach important lessons

Last updated: 27 January 2015

The Identity Theft Resource Center reported that data breaches hit an all-time high of 783 in 2014, and in many instances payment card details were compromised along with personal information like email addresses, phone numbers, or physical addresses. This meant that more payment cards had to be reissued due to breaches in 2014 than in any other year. My own go-to credit card was reissued 3 times last year due to such incidents. Prior to this recent spree of security breaches, consumers didn’t often worry about the security of their credit card details beyond the chance of a one-off thief who might steal a card from a lost wallet. But these days payment security is top-of-mind and top-of-news.

It pays to be proactive in payments and data security.  For decades the United States was content to rely on outdated card security technology while the security-conscious countries of Europe invested in EMV and two-factor authentication for online banking. Fraudsters have taken notice.  As a result, half of the world’s credit card fraud originates from the United States alone.  Thankfully, those days are coming to an end.

There are a few important lessons that can help to keep account details safe:

  1. Here in the United States, EMV is being deployed. In countries where it is the norm, EMV has nearly eliminated card-present fraud. Once EMV becomes the dominant technology at the point-of-sale, the fraudulent mag-stripe cards created from breached information can’t be used.
  2. But EMV isn’t a silver bullet. While EMV will shut down a major source of fraud (card-present), encryption and tokenization are being used to address cross-channel fraud.
  3. PCI compliance should be taken seriously and reviewed regularly.
  4. Early detection is key. Even if a retailer is fully PCI DSS compliant, a greater number of attacks could be caught earlier if employees are trained to look for signs of an attack in daily event logs. Retailers need to understand what data is being stored, who has access to it, and under what conditions an alert will be generated so that every employee who handles that data knows what to look for.
  5. Instant Issuance matters. Most consumers will form an impression based on what happens after the event. It’s how it’s handled that matters.  Savvy banks will take this opportunity to delight their customers with surprisingly quick and painless card replacement.  The faster you can issue a new card, the better.  Many banks are investing in Instant Issuance stations, which allow cardholders to visit a branch and walk away with their newly issued card on the spot.