BID Daily Newsletter
February 21, 2014

BID Daily Newsletter

February 21, 2014

Wrestling Over Data Security

Years ago, professional wrestling fans may have been shocked to learn that matches were carefully choreographed and the results fixed, but not anymore. Fans today understand they're not really watching a sports competition, but rather are seeing performing actors on a stage. As such, even the most carefully planned out ruses designed to achieve maximum shock value don't trigger an allegation of fraud in the ring.
In most other areas of life, however, people get upset when things aren't what they seem. Fraud, particularly in the financial services world, is a real issue these days. It seems like almost every week another retailer announces a data breach or a possible one, sending customers into a tizzy about how their personal information may or may not have been usurped.
Credit card fraud is particularly pervasive. Consider a report by Javelin that shows credit card fraud affected 7.5mm Americans in 2012, with total card fraud losses reaching nearly $8B that year. That is huge, but here's a bit of good news for banks that issue credit cards. According to the latest Javelin research, financial institution credit cards score high in security, compared to credit cards issued by retailers. The study shows that Bank of America, USAA and Wells Fargo outshine competitors in prevention, detection and resolution. Retailers, meanwhile, scored lowest in the category of prevention and among the lowest overall.
Even if banks are ahead of retailers on card security, complacency is never a good thing and customers can be fickle. Banks must continually strive to make sure their customer interactions are as protected as possible from intruders and that our customers' most precious financial information is secure.
Of course data security can come at a high cost. For instance, just the switch to EMV is estimated to cost more than $5B. That includes the price tag of replacing magnetic stripe cards with chip technology and upgrading payment terminals.
There's also a high cost to banks though that fall short on data security. Even when banks are not at fault (as in the vast majority of instances it seems), customers don't care and they hold banks responsible. One bank CEO put this into the best perspective. He said a data breach or errant wire transfer is never good. The very best thing that happens for the bank is that it has lost a client for life. Customers just aren't consistent with patches, they are not regulated and they use and reuse passwords a child could usually crack. All of these issues add risk to the bank and to its customer relationships over time as crooks seem to get more and more sophisticated over time.
As a result of the recent breaches at Target, etc. the big banks have reissued cards to thwart thieves and make their customers feel safer. In the past few months JPMorgan, Citi, Bank of America and American Express have all replaced credit and debit cards, to varying degrees in fact. Take this singular issue and pile on reputational risk and it is readily apparent that banks have even more of an incentive to make data security a high priority.
Given the pervasiveness of this global problem, we weren't shocked to see the White House issue new corporate standards around cyber security. While this is optional now, the standards at least offer more information for bank customers (as we likely head for a national standard for securing customer data).
When fans today watch a professional wrestling match, they're in it primarily for entertainment value, so they expect the lines between real and fake to be blurry. When customers use their credit or debit cards to make purchases, however, they aren't asking or interested in being tricked, so security enhancement is an ongoing issue banks will have to wrestle with over time.