Every week, it seems, another big company announces that it has lost thousands or millions of sensitive records on American consumers. Morgan Stanley. Sony. Cord Blood Registry.
Ever wonder why American consumers keep getting hit by data breaches? It’s because we’re the lowest-hanging fruit for thieves, says Adam Dolby, director of electronic banking at Gemalto, an electronic security company.
“With the rest of the world hardening their targets, the U.S. becomes the weakest link,” Dolby says. “You can always tell when you’re the weakest link because you’re getting targeted.”
The biggest vulnerabilities involve our bank accounts, says Dolby. Countries as diverse as Germany, South Korea, the United Kingdom and Singapore all have taken serious measures to lock down consumers’ bank information. In Germany, consumers must swipe their cards against a scanner machine to obtain a password to access their bank accounts online. The password is good only for that transaction, and only for a limited time.
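A password that is "good only for that transaction, and only for a limited time" can be built by keying a code to the transaction details and a time step. The following is an added sketch, not code from the article or from any bank's system; the shared key, the 60-second window, the 6-digit length and all names are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumed validity window for one code


def transaction_code(key: bytes, payee: str, amount_cents: int, now: float) -> str:
    """Derive a 6-digit code bound to one transaction and one time step."""
    step = int(now // STEP_SECONDS)
    msg = struct.pack(">Q", step) + f"{payee}|{amount_cents}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation in the style of HOTP (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class BankVerifier:
    """Bank side: accepts a code once, for the stated transaction, while fresh."""

    def __init__(self, key: bytes):
        self._key = key
        self._spent = set()  # (step, payee, amount) tuples already approved

    def verify(self, code: str, payee: str, amount_cents: int, now: float) -> bool:
        current = int(now // STEP_SECONDS)
        for step in (current, current - 1):  # tolerate one step of delay
            expected = transaction_code(
                self._key, payee, amount_cents, step * STEP_SECONDS
            )
            # Constant-time comparison avoids leaking digits through timing.
            if hmac.compare_digest(expected.encode(), code.encode()):
                spent_key = (step, payee, amount_cents)
                if spent_key in self._spent:
                    return False  # replay of an already-used code
                self._spent.add(spent_key)
                return True
        return False  # wrong transaction details, wrong key, or expired
```

Because the payee and amount are inputs to the code, malware that changes the transfer details on a compromised computer invalidates the code the customer generated on the separate device.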
Other banks are experimenting with a plug-in Zip drive that only allows customers to visit certain bank-related websites. The drives also generate new access codes every time consumers log into their accounts.
“It’s still web-based convenience, but you know for sure it has no viruses,” Dolby says.
In many other countries, banks are required to implement such strict access controls. Here in the U.S., banks have no such rules. Bank of America is one of the few banks here to implement similar controls voluntarily. Before logging into their accounts, BofA customers receive one-time-only passwords via texts sent to their phones.
Such extra steps are necessary, Dolby says, because banks and consumers now must assume that their computers are already thoroughly compromised by hackers—that fraudsters are already in our machines, looking over our shoulders, looking for information they can steal that will lead them to cash.
That’s why it’s important to use other kinds of devices to send account access information that changes all the time. The hackers may be able to compromise one system pretty easily, but the chances that they’ll be able to invade two or more systems simultaneously are very low.
“Four years ago, we thought that all we have to do is protect the front door. Well, hackers have shown a pretty legitimate ability to get in the front door,” Dolby says. “So now you have to assume that you’ve already been compromised. So how do we protect the jewels in the vault?”