This article was generated because of Trish Regan’s recent post in LinkedIn link URL: http://www.linkedin.com/today/post/article/20140112223511-205524815-retailers-violate-biggest-asset-customer-trust?trk=api*a234871*s242728*
Trish good article and I agree with your observations. Personally I think that the problem is more prevalent than we all know. You see many of these companies have become too large to manage efficiently. No matter how much you pay the CEO one person can only effectively control so much. I am well aware of the principles involved in managing a large corporation. And the result is that these corporations play the numbers game they are aware that statistically at some point they are going to be hit by these thieves. But the cost of ensuring that a breach is almost impossible, this cost is very high and is seen a diminishing return. Therefore by having generally adequate industry standard protection it allows them to insure the potential loss and to self-insure by allocating funds to be used in the event of a security breach. (which you pay for in the goods you buy)
Now if you look from the consumer’s point of view. es, the company will offer credit monitoring which has no cost to the consumer. But it is not really big money considering the general real cost to the consumer, and it is these breaches in security that destroys consumer confidence in the system. The consumer is now faced with dealing with all sorts of legal matters for which they are not equipped. All of these legal maneuvers have a real cost in time and losses that cannot be recovered due to changing banks new cards etc. And yes, the credit card companies will reimburse most of the reported fraudulent costs. That is why the credit cards cost so much, it is because they cannot manage the security of our information efficiently.
So what do you think is going to happen; is that people will start to pay for goods with cash, at the stores that have security breaches and in my travels I am beginning to see a lot of cash sales. This is also why many of the other companies that have been breached do not own up immediately, for fear of losing business.
It happened to me recently I purchased some software from Adobe and 4 months later they told me they had a similar breach and they would put credit monitoring at no charge to me. Not only did the hackers break into the system they stole their encryption code. If it can happen to Adobe it is happening to a lot more companies.
We also have to find a better method of verifying people than using our social security numbers. Which should only be used for IRS, and Medical/Medicare/Medicaid plus births, deaths and marriages. This information is very private and should not be used by very person who wants to open a bank account or get a credit card, buy a cell telephone even the oil delivery company wanted my social they have no right to it. I pay for the oil and that is all they should care about, so I paid them with cash. They do not need that kind of information to do their business. How do your think companies manage in other countries around the world where you are not permitted to use this information no matter what. We have to reduce this cavalier use of our social security info by banks etc. When you go to a restaurant do you have to give your social to have a meal?
Just my thoughts Trish I am glad you are highlighting the problem.
Good stuff Sefton, your perspective and looking at this as a risk management professional is valuable. My latest take is that in general “Big is Broken”. I am trying to deal with small local vendors where possible. Of course I still have to rely on the internet for some purchases and I try and use pay pal and other forms of payment where I can.
Also by checking my accounts on a regular basis and keeping my checkbook balanced I would be able to spot potential fraud more quickly and therefore limit my liability and associated risk.