Digital Transactions Authoritative, insightful and timely information for payments professionals
Data breaches, including the recently disclosed hack at off-price retailer TJX Cos. Inc. (Digital Transactions News, Jan. 22), garner a lot of headlines, but they paint a misleading picture about the resulting dangers, according to some experts. While an estimated 30% of consumers have been exposed to data breaches, only 0.8% of them have become victims of identity fraud as a result. That's according to data compiled by Pleasanton, Calif.-based researcher Javelin Strategy & Research. Speaking at an online data-breach seminar sponsored this week by First Data Corp.'s Star electronic funds transfer network, Bruce Cundiff, senior analyst at Javelin, said data breaches are the source of about 6% of known identity fraud. More frequent causes include lost and stolen payment cards, or fraud initiated by corrupt employees or people known by the victim. But those un-sensational statistics are no reason for financial institutions to be any less concerned about data breaches. “The perception [of insecurity] is a large portion of what we're having to deal with,” said Cundiff. As a result, data leaks carry costs that go well beyond the direct costs of card reissuance and fraud resulting from breaches. Speakers at the Star seminar as well as a number of sources contacted by this newsletter's sister publication, Digital Transactions magazine, for an upcoming story about data breaches noted that consumers frequently close or relegate to light use accounts from card issuers or banks associated with data breaches, even if the bank or card issuer was not at fault. “The [customer] turnover is almost always higher than expected,” Larry Ponemon, chairman of the Ponemon Institute LLC, an Elk Rapids, Mich.-based privacy and security think tank, told Digital Transactions. America's Community Bankers reported Wednesday that 70% of respondents to a recent survey by the Washington, D.C.-based trade group said their bank had to reissue cards due to data breaches three times or more, and 39% had to reissue cards more than five times. Some 89% of the responding debit card issuers and 53% of the credit card issuers indicated their customers had been affected by a data breach. Of those institutions affected by a breach, 92% had reissued cards. The survey had 181 respondents; 96% said they issue debit cards and 19% issue credit cards. The ACB says it costs between $10 and $20 to reissue a card. One of the messages that came out of Star seminar was that banks can use security more effectively as a selling point. “Security can be a competitive differentiator,” said Peter Burns, vice president and director of the Payment Cards Center at the Federal Reserve Bank of Philadelphia, one of several speakers at the event. The Philly Fed sponsored a security conference last September. Citing consumer surveys his firm did in 2006 and into this year, Cundiff said consumers rank superior security against identify fraud as the No. 2 factor they look for in a new credit card issuer, behind only low interest rates. Meanwhile, the Massachusetts attorney general's office said Wednesday that is leading a multi-state investigation into the breach at Framingham, Mass.-based TJX.
