Wednesday, July 20, 2011

Lessons learned from Citibank's data breach

Earlier this month Citigroup's credit card portfolio was hacked by criminals who apparently exploited a flaw in the browser window. This enabled them to go from one account to many others, capturing names, account numbers, emails and transaction history for roughly 360,000 customer accounts. The Ponemon Institute estimates the average cost of the data breach at $214 per compromised record, or $77 million in Citibank’s case.

Other recent high-profile breaches include Sony Online Entertainment (over 100 million records) and Epsilon (they won’t say exactly how many). According to DATALOSSdb, breaches, whether through hacking, loss of records or even theft of snail mail, are occurring on a daily basis, and it’s not only large organizations that are targets. This month’s list includes banks, insurance and healthcare providers, utilities, government and educational organizations as well as supermarket chains.

“Growing concern about paperless” for consumers


What does this mean for businesses? It indicates that the threat of a data breach is extremely real and should be taken very seriously, but it also requires companies to address customer concerns about doing business online. A growing fear among “paperless” consumers (and those considering eBilling) is “what if my online account is hacked, changed or deleted and I have no record of my usage or bill pay activity?” One consumer advocate suggested that we all go back to receiving paper statements in the mail. That way we have tangible proof of all recent activity and payments.

But is going back to paper statements really a viable solution?


It’s an extreme theory, but one that resonates with some people. One of the biggest points of resistance to going electronic is that customers feel they are losing control over their bill or statement. Those who do access bills online complain that in order to manage their many accounts effectively, they need to visit each biller’s website and print or download a PDF copy of their statement from each one. Surely this is more hassle than waiting for the mail to arrive?

Winning the battle against customer resistance with robust technology


Delivering an encrypted copy of each statement directly to the customer’s email inbox is the most applicable solution in the market today. Regardless of what happens online, customers can print or save (in an encrypted format) a complete history of their relationship with their bank or biller. Its additional security features, such as an authentication section at the top of emails and email personalization, alleviate the customer’s fears of phishing. Customers can also decrypt, view and save documents offline, which reduces security threats of malware and spyware.

Distributing your billing / statement information to email inboxes, rather than consolidating all history and activity in one place, may serve to dilute the threat of criminals looking to hack your eBilling portal. Just as important is winning the battle against customer resistance to going paperless, especially in the wake of increasing concern over data breaches.

Don’t let other companies’ data breaches reduce your eStatement adoption


The answer to customers’ fears of losing control over their documents is to “deliver” a tangible electronic copy of everything you send to your customers today in a more secure format than paper mail or online presentment – an encrypted attachment to an email.

Push the documents to your customers and all resistance will crumble.
