TMCnet News
Data breaches threaten to shake consumer confidence [The Eagle-Tribune, North Andover, Mass.](Eagle-Tribune (North Andover, MA) Via Acquire Media NewsEdge) Oct. 19--Data breaches are becoming commonplace, and banking and retail industry experts are at odds about how to deal with the threat while working with law enforcement officials and regulators to try to protect consumers from predators. Consumers, banks and retail businesses all feel the hit each time personal banking, credit or other information is stolen. And no company or industry seems to be safe from data breaches. Earlier this month, JP Morgan Chase announced as many as 76 million households and 7 million small businesses were exposed in a data breach, according to Forbes.com, which tracks such breaches. And in August, about 400 Dairy Queen locations were hit by hackers. In 2012, a data breach at Women & Infants Hospital in Rhode Island affected some 12,000 Massachusetts patients, according to the state Attorney General's Office. Preying on consumers When an individual's personal information is stolen from a bank, a retail store or even a hospital, it can be used in a variety of illicit ways, James Boffetti, the senior assistant attorney general for New Hampshire, said. "There is an international market for this kind of information," said Boffetti, who is also the chief of the New Hampshire Consumer Protection Bureau under the Attorney General's Office. Under a state law enacted in 2007, he said, businesses in New Hampshire must notify the AG's office when there is a data breach. This year, the AG's office received 16 notifications from different businesses, according to the Attorney General's website. Massachusetts has a similar notification law. From 2008 to 2013 there were 4,684 data breach notifications that affected more than 4.75 million people, according to the Massachusetts Attorney General's website. In the first half of 2014, another 674 notifications were reported in Massachusetts. Once personal information is stolen, it can be sold to another party to make purchases fraudulently Boffetti said that stolen data is also commonly used to obtain phone numbers, email addresses and other contact information for phone or email scams. National problem There have been 606 security breaches nationwide in 2014, with about 77.6 million records exposed, according to the Identity Theft Resource Center. In 2013, there were 614 breaches and nearly 92 million records exposed, according to the center. "It happens literally by the second around world," said Jon Hurst, president of the Retailers Association of Massachusetts. "These are very sophisticated thieves." When data is stolen, banks have to put time and money into correcting the problems for the account holder, he said. Credit card companies recoup their losses by charging banks or retailers a fee for using the cards, Hurst said. Boffetti said credit cards offer more fraud protection than debit cards, which are directly tied to a checking account. When a card is lost, stolen, or data is compromised, a replacement credit card is the answer for the victim. "The other thing that they should be doing -- that everyone should be doing -- is scrutinizing their statements," Boffetti said. Tracking down hackers, Boffetti said is extraordinarily difficult. Many of these breaches originate overseas, so it's even more difficult to trace them, "which is why we focus on educating people to protect themselves. " he said. Signing up for alerts from a bank or credit card company and reviewing every statement are key security measures, according to Richard Arcand, a spokesman for the New Hampshire Banking Department. The department examines banks in the state about every 18 months, he said. Ensuring banks have the right security and are following regulations is apart of the process, he said. "I can say the banks and credit unions are actively updating their IT and security systems," he said, Federal laws protect people who notify banks or credit card companies when they notice a fraudulent charge, so the first step is spotting such a charge. "The important take away is to monitor your accounts of unauthorized charges, alert your bank if fraud is suspected and keep records," he said. Bankers vs. retailers Once discrepancies are reported, it takes time and money for banks to replace cards and correct accounts, something that does not sit well with the banking industry, Bruce Spitzer, spokesman for the Massachusetts Bankers Association, said. Bankers are putting pressure on retailers and other industries to increase their security because banks have to pay out the losses related to data theft and fraudulent charges, he said. "The fact that retailers have no stake in the game makes our banking industry very angry," he said. The association is pushing the Legislature in Massachusetts to make retailers more liable when breaches happen, he said. Banks have their own complex algorithms to help spot fraud or breaches, he said. "Does the industry catch it all? No. But we are trying to catch more of it all the time," Spitzer said. It's a never-ending battle." The retail industry says it is taking steps to curb the problem. One big problem, Nancy Kyle, president and CEO of the New Hampshire Retail Association, said is oudated technology. "It's 1960s technology that is on credit cards," she said. One solution, she said, is adopting technology that puts microchips in credit cards and links them to personal identification numbers, or PIN's, rather than relying on magnetic swipe strips. The technology is nothing new, Kyle said -- it's used across the globe by many other countries. Hurst, her counterpart in Massachusetts, said chip and PIN equipment costs more, which is one reason the United States lags behind Europe in introducing it. From 2008 to 2011, chip and PIN technology cut credit card fraud cases in half in the United Kingdom, she said. Advanced technology, like Apple Pay, is even more secure because it uses fingerprint technology to verify a purchaser's identity, Kyle said. On Friday, President Obama announced a plan to tighten security for the debit cards that transmit federal benefits like Social Security to millions of Americans by applying security chips and PIN's to new cards. The government will also apply security chips to all government credit cards, Obama said. Payment terminals at federal government facilities will be equipped to handle cards with the new technology. The White House says the idea of the government program is to lead by example, to nudge the broader financial industry and retailers toward more secure standards. Obama noted that Home Depot, Target, Walgreen and Wal-Mart stores plan to install payment terminals in their stores equipped to handle cards with digital security chips and personal identification numbers, called PINS, that replace signatures. 'Huge issue' Data breaches ultimately result in higher consumer prices and affect buying habits. "It's a huge issue," said Peter Guffin, a partner with the firm Pierce Atwood who specializes in in security law and technology for the past 15 years. Payment innovations may be the answer. "You're seeing more and more interest in innovation to come up with better, more secure methods of payment," Guffin said. Data breaches erodes consumer confidence in the banking system and hurts the reputations of businesses as well. Eventually, Guffin said, this could impact the way people act and make many fearful of handing out any personal information. "I think if we lose confidence in the ability of institutions and being able to secure our information, that may ultimately lead to behavior we don't want." How to protect your data --Check bank and credit statements as often as possible for fraudulent charges. --Keep a limited amount of money in a checking account linked to a debit card. --Sign up with your bank to receive alerts related to data breaches and theft. --Check your credit score often by contacting Equifax, Experian or TransUnion. Each company is obligated to provide you with a free credit report once a year. If you are the victim of a false credit or debit charge --Call your bank or credit card company immediately to report the issue. --Under two federal laws, the Fair Credit Billing Act and Electronic Funds Transfer Act, consumers have 60 days after receiving a statement to report an error in writing. --Errors include an unauthorized electronic funds transfer, incorrect transfers and missing statements. --Once you've notified the financial institution about an error on your statement, the bank or credit company has 10 business days to investigate, according to the Federal Trade Commission. --Investigations may take up to 45 days. --Under federal law, the institution has no obligation to conduct an investigation if you miss the 60-day deadline. ___ (c)2014 The Eagle-Tribune (North Andover, Mass.) Visit The Eagle-Tribune (North Andover, Mass.) at www.eagletribune.com Distributed by MCT Information Services |