With the one year anniversary of the Equifax data breach upon us, affecting over 147 million adult Americans, there is an ever increasing need for Americans to be “on guard” from the effects of this breach, and so many others like it (UBER, Sonic, UnderArmor, etc.). Credit Unions have a golden opportunity to show their members, and potentially new members, that they recognize the growing risks facing their members far outside the walls of the credit union itself.
A recent study conducted by a team of researchers at the University of Michigan School of Information shows that consumers (your members) have exhibited an optimism bias that has led to a significant degree of complacency or total lack of action in response to the Equifax breach. Whether you call it “putting their heads in the sand”, “rolling the dice”, or exhibiting the “it hasn’t happened to me yet” syndrome, people (members) need to know they’re taking enormous risks with this complacent approach. New account and Account Takeover fraud has increased more than 200% in the US over the past three years, thus magnifying the risks for members as they face more serious ID theft nightmares.
In a recent interview with FBI Retired-Special Agent, John Iannarelli, he explained that, “The criminals who perpetrated the Equifax breach will sit on the majority of data for as much as a year or more before using it. They know the nature of consumers is to get more complacent over time, long after a major breach. They know there will be an initial rush to have protection immediately following the breach, then folks just get lax, assuming it’s all safe and lose their vigilance. And that’s when the thieves will strike.”
The U of M report indicated that some consumers simply delay taking security related actions to protect themselves until after they know they are actually harmed. There is a general lack of awareness about the best ways to protect themselves. They don’t understand the extensive time and labor involved in managing the recovery efforts. Most often they are mistaken about various monitoring services that they “believe” will prevent ID theft from happening. This lack of awareness issue includes a misinterpretation of how preventative services, or so-called “resolution services”, actually work, or don’t work, as they are led to believe from their descriptions.
Another interesting trend has recently been revealed by a Scottsdale, AZ firm, Cornerstone Advisors, which indicates that millennial consumers (members) are turning to credit unions or other financial institutions for non-financial services such as ID theft protection. And, as reported in last month's CU Times article, Millennials Open to Buying Non -Financial Services from CUs, the majority of millennials are willing to consider buying bundled services at attractive prices.
This new Cornerstone study reflects complementary results to an early 2017 study released by Assurant, Inc., which reported that the majority of surveyed US consumers were fearful of ID theft & cybersecurity. Over 60% of the consumers indicated that they were “terrified” or “very concerned” about ID theft or cyberattacks, prompting 79% of the respondents to be “more likely” to buy protective services.
Another contributor to consumer complacency is a vast array of “technology wielding” companies urging consumers to trust in the next “magic pill” solution that will make all of the ID theft threats evaporate (i.e. remember how EMV chip cards would be the final answer?). Recently, the hope of technology rests upon Blockchain companies to produce the fix for all identity theft. However, subject matter experts such as Mark Pribish, VP & ID Theft Practice Leader at Merchants Information Solutions, have the insights into the reality of data breach events and their ID theft fallout, which reveal that the direct cause of many breaches and ID theft events are from human fallibility vs. technology attacks (i.e. hacking, malware). Therefore, the power of Blockchain solutions, which focuses predominantly on technology controlled data, will continue to face serious limitations as a means to end all identity theft.
In conclusion, credit unions have an excellent opportunity to take a leadership role by bringing members a real solution to preparedness against data breach & ID theft events. Pribish offers great advice in his own summation, “I recommend that companies and individual consumers focus on response and recovery—because it’s not a question of if, but when a company experiences a data breach even if your organization has implemented Blockchain technology…” CU’s can make an enormous impact on their members with strong awareness programs and provide them bundled ID theft services with rich value propositions. Why should members be forced to find third party solutions online (via Amazon, Apple, etc.) with services from companies they do not trust at rates much higher than they’d expect from their trusted credit union?
So celebrate the one year anniversary of the Equifax breach with definitive action to serve your members before the next anniversary….and end your members’ confusion, complacency, and increasing vulnerability that criminals are using to their advantage.
Jim McCabe, Senior Vice President, Identity Theft Services at Vero.