Although Santa has come and gone, it’s never too early to start a wish list for the New Year. So today, Intersections’ Consumer Security Adviser, Neal O’Farrell shares his security wish list for 2012.
Another year over and a new one is just about to begin, but hand it to hackers to spoil all the fun. As we look back on the year that was, and try to predict what lies for us in the year ahead, it might be a good time to think and talk about all the things we'd like to change so that the bad guys don't win more than they have to.
With that in mind, I've put together a wish list of just some of the things that I'd like to see happen — things that would protect consumers and make life easier for victims.
1. Consumers could take the threats more seriously and get more involved in their own protection. We know from experience that the majority of security incidents could be avoided if consumers were more vigilant, more involved, and more willing to change the bad habits that often get them in trouble.
2. Stop using zero liability as a safety net. Consumers make the mistake of assuming that zero liability means zero loss or zero responsibility. As any victim will tell you, zero liability leaves a lot to be desired and often leaves the victim on the hook for costs they never anticipated.
3. Banks should play a greater role in educating and alerting their customers. Banks are in the best position to educate and information their customers about security risks, and alert them to the latest threats. But most financial institutions would prefer to say as little as possible about security in case it makes their customers worry.
4. The IRS, Social Security Administration and other government agencies should be more sympathetic to the plight of victims and change their practices. I hear so many horror stories of identity theft victims whose Social Security number is being repeatedly misused and abused by crooks, and in many cases it's because the Social Security Administration has few resources to help in such cases.
5. Law enforcement should be more aggressive, especially when it comes to taking victim reports and sharing intelligence. One of the many worrying trends in identity theft is the evolution of super thieves — low-level crooks who are never arrested or get into any law enforcement database, and so go unchallenged and undetected for years. Which gives them plenty of time to practice and get much better. By the time law enforcement spots them, they're too good to be caught.
6. Data breach laws should focus on the needs of the consumer and not the breached company. Too many of the proposed laws focus on the needs of business rather than the impact on consumers.
7. Consumers should watch their credit reports more carefully — I still come across consumers in their 50's who have never checked their credit reports and don't know how.
8. Accelerate the move to chip-and-pin cards. This should help slow down the surge in skimming attacks that take advantage of the vulnerabilities of traditional magnetic stripe cards.
9. More consumers using credit cards instead of debit cards. As recent skimming attacks have shown, a debit or ATM card provides direct access to the victim's bank account. And while stolen funds may be replaced, it might not happen fast enough for the victim to pay urgent bills. Credit cards shift the loss and responsibility on to the financial institution.
10. Faster move to authentication systems to replace passwords. I wrote in a recent blog that IBM believes the password will be a thing of the past within the next five years. And that's not fast enough for me. There are better ways for users to identify and authenticate themselves, and the sooner they become more practical and effective, the better for security.
11. More security awareness training for employees. Because so many security incidents and breaches are as a result of preventable mistakes by employees, the only remedy is better employee security awareness training. In spite of the fact that it's one of the cheapest security tools available, most employees receive little if any security training. Which means we're likely to see more data breaches that result from busy employees making predictable but preventable mistakes.
12. And finally, I'd love to see the creation of a national database of compromised Social Security numbers.Because Social Security numbers can rarely be changed, once an SSN is stolen the victim faces a lifetime of fraud and worry. A national database of compromised Social Security numbers could significantly cut down on the number of times a stolen Social Security number is abused.
Has your company experienced a data breach? We can help. Call us at 1-888-283-1725, or visit us online, for information and security solutions.
Learn more about identity theft protection.