If your personal data and credit account details were stolen recently, your choice is basically to get another card or start paying for things with cash. For companies, retaining clients means winning back trust. While banks, store chains, and credit card processors point fingers at each other, shoppers can only mop up the leak and hope there's no long-term harm to credit scores or financing.
Fortunately for retailers, shoppers seem to like bargains more than they care about protecting personal customer data. After all, a data and WiFi breach in 2007 lasted years, according to ZDNet. And the companies involved are still serving up deals after paying fines, upgrading systems, and offering customers credit report monitoring.
Getting customer data back once it's stolen is like trying to breathe only certain molecules of oxygen. Companies know they can't undo an attack. The best defense is to make an attack difficult and time-consuming, the way a home alarm system tells thieves to look elsewhere.
By the time a breach is discovered, the damage is already done.
In the case of a major breach, reputation loss may be enough to make a company shut its doors forever. Even the loss of a low-value asset, like a password from a closed account that people never use, may send the message that a company is lax about protecting other, more critical, customer data.
Consumer IT has made people more social, mobile, and collaborative, yet many are overlooking the need to secure devices and data, a key reason this topic was on the RSA Conference agenda. Companies AND consumers should be protecting their own identities and data by monitoring accounts and credit reporting to avoid a problem, the same way auto insurance companies reward drivers who use monitoring devices that show the car is being driven safely.
Prof. Alex (Sandy) Pentland of MIT has led global CEOs in a program on Big Data that starts with asking what organization owns the customer data and where it resides. He proposed a New Deal on Data, and related to his work is the US Consumer Data Privacy Bill of Rights, which puts individuals more in charge—though perhaps not in control—of their own data stream. The ultimate goal is to make Big Data safer and more transparent. It is more likely to be accurate if it is managed by the person or company most affected instead of a middleman.
While the European Union has a very high standard for data security, the US has 50 different state laws with varying requirements for recording and reporting breaches. Retailers and card providers have said in the aftermath of the Target hack that they will offer more secure chip cards and take added steps to guard against unintentional sharing of data.
Companies are asking tougher questions of their partners and security providers and are following the data trail. And after repeated breaches and inconveniences, consumers are finally taking a proactive interest in their own protection. Relying on a third party is no longer enough.