How much customer data do you have inside your organisation? Hopefully a bit more than the luckless people at Citigroup, who in June had to tell some 3.9 million of its US customers that computer tapes containing account information had been lost by UPS.
Or indeed have more luck than the guys at HSBC North America, which in April had to fess up to users of its General Motors-branded MasterCard that their details might have been stolen.
For a while there it was hardly possible to click on a news website without seeing another example of porous electronic security. In that same month, for example, Ameritrade misplaced four back-up tapes and only got three back.
Meanwhile, in what was probably one of the most audacious of all acts of hacking, a cyber-burglar stole 40m MasterCard and Visa accounts stored in the database of an Arizona-based data broker called CardSystems. A script he’d slipped into the company’s electronic safe piped a zip file with all the credit card details to an internet address. Ouch.
The issue of IT security is never far from the mind, especially in the current climate of interest in compliance. But this rash of bad security news harkens back to the ‘wild west’ days of the early world wide web and all those worries around the dangers of electronic passing of credit card numbers over the net.
Actually, that problem hasn’t gone away – the Y2K of retail, the introduction of chip and pin, notwithstanding.
In the period January to June 2004, before the little card readers got rolled out, card-not-present scams netted fraudsters £70.2m, but in the first half of this year, losses grew to £90.6m. According to the folk at the UK payments association APACS, the internet part of this jumped five per cent to £58m.
The upshot of this entire depressing trend seems to be that security remains the imp in the bottle for IT. It is all too easy for a bank’s customer details to end up on the internet. But security glitches alone are just a small part of the issue.
There’s actual devilment going on too. In November Sir Callum McCarthy, chairman of the FSA, warned a conference on financial crime that there’s “increasing evidence” criminals were getting jobs in financial services so they can carry out frauds.
In the same speech Sir Callum took a sideswipe at another part of the vast compliance infrastructure where data protection regulations make it harder to investigate staff pasts.
How much use are data protection regulations when we get told that the DVLA admitted to offering sensitive details about UK motorists to private car-parking companies?
Nearly 160 firms have been granted access to an official database of confidential information about Britain’s 30m drivers, at £2.50 a pop, The Mail on Sunday recently revealed. That’s a bit cheaper than what The Sun says it was offered by a bent worker at an Indian call centre in June. 1,000 UK customer bank account, credit card, passport and driving licence details were allegedly being offered for £4.25 each.
Something’s going wrong somewhere. Or is it? Human nature tends to suggest we have a capacity for dodgy dealing laid down probably at the chromosomal level. In the same way sex is the first application for most new communications technologies, graft can’t be far behind. Messing about with electronic customer data is where the money is these days.
Which brings us back to our opening question: customer data, and how much of it do you have inside your organisation? Chances are, more than you’d like in some ways. After all, you now have to protect it, store it, and pay for its upkeep – small wonder IDC just told us the storage market jumped 12.5 per cent year-on-year. And also watch that your staff don’t get their sticky fingers on it. Unless we find a radical solution, this issue is just going to be future news for headline writers, storage floggers, security consultancies and thieves. Welcome to the (in)secure brave new world of the information age.