Data breaches touched almost every sector hurting us where we live, shop, ride and bank.
The 115th Congress has returned to work with a long list of unfinished business, not least of which is to tackle issues related to the spate of hacks, leaks and breaches that plagued 2017.
Data breaches touched almost every sector—health care, financial services and the government—hurting us where we live, shop, ride and bank. Even our video games were not spared. Unfortunately, we all learned the importance of freezing and locking our credit reports—and it was not a new dance move. No surprise, consumer and citizen trust are at an all-time low.
Sens. Mark Warner, D-Va., and Elizabeth Warren, D-Mass., have introduced the Data Breach Prevention and Compensation Act, which would grant the Federal Trade Commission clearer authority to fine credit reporting agencies, and requires compensation to consumers who have been harmed. This bill marks some early progress, but notification is not a strategy and penalties are not prevention.
Congress must work to find solutions that can preserve identity, prevent fraud and help restore trust. While some progress was made last year, the House and Senate are slated to tackle tough issues around cyber crime and its fallout. The efforts by Congress are supported by the financial services industry to require federal oversight of data breach notification and some have even called for increased penalties.
With the amount of personal data that has already been compromised, the threat of fraud is especially pernicious. Financial institutions are at particular risk. While Congress wrestles with crafting new standards for navigating the myriad risks of the digital frontier, current regulatory guidance already exists that could strengthen consumer protection. The current Federal Financial Institutions Examination Council (Federal Deposit Insurance Corporation) guidance, “Authentication in an Internet Banking Environment,” should become the standard for consumer protection for all servicing channels such as mobile apps, internet and telephone calls. Enhanced enforcement would not only better protect consumers, it would also help combat the costs of fraud to individuals, businesses and the government.
Federal government regulations that require companies to use more secure contact center authentication programs could ensure consumers don’t have to reveal personal data to identify themselves, making that information less valuable and helping to reduce the incentive for more nationwide data breaches. As an example, identity tokens based on physical possession of a phone are a practical and effective form of authentication. Multiple technologies exist that verifies calls are coming from a trustworthy caller. And in this environment of increasing risk and uncertainty, we could all use a little more trust.
Patrick Cox is chairman and chief executive officer of TRUSTID.