Thursday, October 5, 2017

The Lesson of Equifax





There has been a lot of news over the last month or so regarding identity theft, hacking of a major credit bureau  and just this week, that Yahoo had a larger data breach than originally reported, where three BILLION customers were ALL hacked in 2013.

This has become a real problem in this digital world we live in. But, we aren't alone. There have been several breaches across all sectors, including the Democrat party, health insurance agencies in the US and elsewhere, government agencies in the US and across the globe, retail establishments, and financial institutions, just to name a few. You can see the complete list on Wikipedia for yourself.

It is a larger problem than anyone would have thought. The reason? Most of these systems were last updated in the 1990s, while the technology has far surpassed any protective measures from that time. 

As a retired banker, who was also the bank's Retail Operations, Security and Data Processing Officer, I can assure you that when we became aware of a potential breach, we wrote and installed a patch to the system to prevent compromise of our customers' data. Immediately.

Sadly, when Equifax became aware of a potential breach in March, nothing at all was done until July, which has now compromised the data of 145 MILLION Americans. 

From my own personal experience, I was advised by my current bank that I was in London booking a trip; another time, I was in Alabama making a call from a jail; a third time, I was in NYC buying stuff at Home Depot AND getting coffee at a 7-11 at the same time. In each case, I was home sitting on my couch on Long Island.
The reason my bank was able to advise me that I had fraudulent activity was that I had just done transactions at establishments within five miles of my home within the last couple of hours, which would not have allowed for transactions to be completed so far away.

In addition, when I travel, I always advise my local bank that I will be away, especially the bank which houses my debit card.

Ironically, the Internal Revenue Service, just this week, announced that it had contracted with Equifax in a $7.25MM deal to "verify taxpayer identities and help prevent fraud.”

Truly ironic.

The IRS wants to protect you? So, they contracted with the company who has had the largest breach of personal data since 2013? You would think his would be a company the IRS, which is not loved by many Americans, would not now want to be associated. 

There are a lot of issues surrounding the Equifax fiasco, much of its own making, for sure. But it is not alone. Data processing systems need to be upgraded to the most current protection systems available, especially those which store our financial data. 

Banks, for the most part, understand this. Fintech companies certainly do. The smart banks are working with fintech companies to upgrade their data encryption. And others are starting to follow, no matter the cost. 

The lesson of Equifax, Yahoo and so many others is this: instead of trying to save a buck to protect your stockholders and investors, why not try to protect your reputation by investing in the most up-to-date hardware, software and encryption data that is presently available. In the long run, it would be the best money you could ever spend.

Your reputation is priceless.


Frank McHale is the Chief Operations Officer at Madison Avenue Social