Contego met up with Michael Hagen, CEO of ID Checker for a quick interview on his views on the future of data breaches.
What is the future of data breaches?
Let's use Target as an example. Now with the CEO of Target resigning, the story of the Target breach will probably fade away into darkness. Target will likely implement new anti-fraud services and spend millions of dollars on both hardware and software. I would say it will take a few years for customers to regain trust in the company which will always be associated with ‘the Big Data breach’ regardless of the fact that it was a third party vendor responsible for the data compromises.
Will these measures prevent it from happening again?
I don’t believe they will. This is not an article about Target; nor is Target the latest victim in a never-ending series of attacks aimed at separating customers from their hard-earned money. The fact of the matter is, attackers will always find their way into systems that offer a high enough reward - they will devote the resources to make it happen. One look at the anatomy of the attack on Target and you can see how determined the attackers are to make things work to their advantage.
With E-commerce growing year after year, breaches like this will happen more often. The public is aware of data breaches, yet at the moment there is little they can do to prevent them. Merchants ask their customers for all sorts of data and store it behind their own firewalls. They often think: the more data we have on our customers, the more value we create. This might be true on one hand, however on the other, they become valuable targets for fraudsters and hackers.
What is Card Hub?
CardHub provides a fantastic all-in-one resource for fraud statistics, and I’d like to highlight some points:
- Credit card and debit card fraud resulted in losses amounting to $11.27 billion during 2012.
- In 2012, the U.S. accounted for 47.3 percent of the worldwide payment card fraud losses, but generated only 23.5 percent of total volume.
- Retailers incur $580.5 million in debit card fraud losses, and spend $6.47 billion annually on credit and debit card fraud prevention annually.
$6.47 billion is spent annually on fraud prevention and yet annual losses amount to $11.27 billion. This adds up to a cost of approx. $18 billion which makes me wonder if it is even worth storing personal data behind firewalls in this way. Perhaps we could store only the most necessary information, from a legal and compliance point of view, behind our firewalls? I believe this could be the way of the future.
Currently, there are a number of initiatives taking place that are considering alternative ways to identify and register customers. The US government is funding projects and initiatives, which will enable E-ID’s for citizens to interact with Government bodies and merchants. The EU and India are working on implementing similar frameworks. Governments themselves do not operate these initiatives. They are all run by third party providers, of which there are multiple to choose from.
What would such a process look like?
The consumer registers him or herself at a Trusted Third Party (TTP) and gives the TTP all their relevant data. This may be personal details such as name, address, DOB, and any financial information such as credit card details etc. The consumer will then create a profile instructing the TTP which information he agrees to share and with whom, allowing the consumer control over their shared information.
In my opinion, we as consumers need to take these initiatives seriously. This is the first step in protecting ourselves online in that it enables us to take control of our data. It will allow us to reduce the number of data breaches, since there is no stored personal data on the merchant side. It will significantly lower the amount of money that merchants are now spending on fraud prevention as well as lower the costs of credit and debit card fraud. In an ideal world the money that merchants save will flow back to the consumer and this will be reflected in lower prices for all.
Michael Hagen is the founder and CEO of IDchecker, an international ID document verification company considered as a market leader in the US and Europe. Launched in 2004, IDchecker is now doing business with major US and international organisations in a variety of industries. As a successful entrepreneur, Michael’s goal is to create an environment where every employee can develop their personal leadership skills and feels involved in the company’s success, resulting in satisfied and loyal clients.
Michael Hagen, CEO, ID Checker (2014) Interviewed by Contego on the 4th April.