While several new laws and regulations have been put in place to protect consumers – such as data breach notification laws, which are in effect in all but four states – and Red Flag Rules, which went into effect of June 1, 2010 and require firms that hold customer accounts to implement programs that identify and detect red flags that signal possible identity theft – these notifications are not appropriately spurring consumers to action. “Consumers who receive notifications that their personal information may have been breached are not connecting the dots,” said Robert Vamosi, Fraud and Security Analyst and author of this report. “They don’t seem to understand that this puts them at an increased risk for other types of fraud and at an increased need for identity protection services such as fraud alerts, security freezes and credit and identity monitoring.” Fraud victims who have been notified of a data breach experience fraud at nearly five times the rate of fraud victims who have not been notified of a breach.
New rules and regulations clearly put the onus on businesses and they can meet these obligations, protect their relationships with consumers and save money in the long run by putting in place best practices to prevent, detect and resolve identity fraud. The 2010 Data Breach Prevention and Response report recommends specific steps businesses can take before, during and after a data breach. It provides data loss prevention (DLP) guidance and discusses vendors that can help assess, identify and limit access to data to prevent breaches from occurring. The report also covers data breach monitoring services offered by security incident and event management (SIEM) vendors and cites vendors that can assist with the notification and resolution of data breaches.
Selected Key Report Findings – 2010 Data Breach Prevention and Response
• More than one in four of all U.S. consumers have received a data breach notification.
• New accounts fraud – which is the most difficult to detect – accounts for a large percentage of the growth in identity fraud over the past two years.
• Consumers often either no longer use a card or use it less after it is reissued.
• Financial Institutions are viewed less favorably by 38% of consumers after they receive a breach notification.
“Consumers are quick to place the blame on financial institutions and retailers even though they may not be the responsible party, which can lead to a loss in trust and business,” said Robert Vamosi, Fraud and Security Analyst. “Businesses can be proactive by identifying what sensitive data they have and where it resides, creating a layered plan to protect the consumer’s personal information and developing a plan for how to respond in case a data breach occurs.”
Javelin’s 2010 Data Prevention and Response report is based on data collected online in November 2009 from a random-sample panel of 3,294 consumers, data from a September 2009 telephone survey with 5,000 U.S. adults – including 703 identity fraud victims – and secondary data from publicly available online sources.
About Javelin Strategy & Research
Javelin provides superior direction on key facts and forces that materially determine the success of customer-facing financial services, payments and security initiatives. Our advantages are rigorous process, independent position and expert people. For more information about this or other Javelin reports, please visitwww.javelinstrategy.com/research or contact Liz Travers at (925) 225-9100 ext. 31 or etravers@javelinstrategy.com.
Source: Company press release.
