Every day we hear or read about another security breach with volumes of consumer’s private information being acquired by some unscrupulous people.
Most recently it was Equifax, a major repository of consumer credit and personal data. Who might be next?
Now, all the pundits and politicians saying something needs to be done to protect the consumer. More good intentions…
Senator Warren (D/MA) wants to introduce legislation that would require the repositories to provide consumers with a free credit freeze plus a freeze on selling their information (oh yes they sell your info) to anyone who is the subject of a cyber attack
Sounds good, but hey that’s after the crooks already have all your private information. Can anything be done to prevent them from getting your info in the first place? Probably not.
Why? Because, if someone can create a program to protect your info, someone will find a way to crack that program and steal it. Build a better mousetrap and they’ll build a better mouse.
The only ones making money are the programmers and the hackers. I believe that sometimes they are one and the same. Call me a conspiracy theorist.
Right after the huge hack, Equifax offered consumers the option to freeze their account and obtain their identity protection product. The online freeze request provides information on Equifax’s Privacy and Security Notices and lets you know their systems are protected by SSL encryption. Their Security Notice reads:
In the United States, you can order all Equifax products online with confidence using Internet Explorer, since they support the recommended 128-bit key length encryption SSL (Secure Sockets Layer). International versions support 40-bit encryption.
Maybe data is protected when ordering but how about when stored and at rest? I guess, not so good.
The problem is that way too much personal information is floating around out there on the internet.
Every time we search online, the information is stored so retailers can identify our buying habits, our wants, and our needs. Then, we pay online with our credit cards. It’s like giving the keys to your car to a car thief.
Sure, PayPal and other sites are supposed to be secure but someone wrote their security programs. That means someone knows how to hack them.
Laws to force companies to provide some service and retribution to consumers when their information is breached are great. However, these laws won’t stop or solve the problem.
Consumers need to take responsibility for the protection of their personal data. As much as I hate to admit it, we also need to obtain identity theft protection. We carry insurance for other potential problems; why not carry it for our identity?
Lenders also need to protect themselves. Not just from cyber-attacks against customer PII, but also from the potential loss that may result from lending to cyber thieves who have stolen other’s identities.
This includes credit, income, employment, and asset information, along with a Social Security number. Everything a thief needs to create a false identity to get a mortgage loan. Lenders beware…
Although the action is underway to help consumers who become a victim of identity theft, such actions will not prevent identity theft. It will continue and only get worse.
The more data we put on the net; the more motivation for someone to steal it. If there were no crooks, we wouldn’t need laws.
Consumer, protect they self. Lender, do the same.