In a world where data breaches have become more prevalent, having a response plan to address a breach incident can be just as important as the security measures taken to prevent one. Timothy Walsh, Director of Data Breach Services at TransUnion, explains how a strong credit monitoring platform can empower consumers to better detect potential fraudulent activity.
The massive cost of data breaches
The cost of a data breach is significant: In 2018, the average cost of a data breach to a Canadian organization was $4.74 million1. The average cost for each lost or stolen record containing sensitive, confidential information was $148 — and as of July 2018, 2.6 billion records were exposed in data breaches.
Organizations under a global spotlight
While the reputational damage caused by a data breach may not be as easy to quantify as financial costs, it is nevertheless a huge concern. When customers lose trust, businesses lose customers.
In 2017, 65% of companies impacted by a data breach chose not to notify potentially affected consumers of a data loss —perhaps, in part, to preserve their reputation. But for organizations in Canada, choosing not to report is no longer an option: Mandatory breach notification legislation came into effect Nov. 1, 2018. This means organizations suffering any loss of personal information that causes a real risk of significant harm are required to notify all potentially affected individuals.
High-profile breaches over the last few years have been under the global spotlight, raising awareness and concern among consumers and the organizations they trust with their personal and financial data. Every organization, regardless of size or potential exposure, should take this seriously and have controls in place to proactively guard against data breaches — as well as having a plan to respond to a breach, should security measures fail.
Your breach response toolkit for ‘when’ not ‘if’
With so many avenues through which a data breach can occur, having an ‘it can’t happen to me’ attitude is unwise. A breach response plan is imperative to helping you minimize financial loss— and can help with regaining customer trust.
To help with preserving your reputation and credibility, and aid in protecting your customers, you should be prepared for possible worst-case scenarios. This can mean being able to quickly take action when faced with a potential data breach by working to assist potentially affected customers and examine ways to assist those who may be vulnerable to further breaches.
Tools organizations can consider:
- Credit reports: As a snapshot of a consumer’s credit history, the credit report can be an effective tool for helping consumers determine if they may be a victim of identity theft or fraud. The average North American organization can take approximately 196 days to identify a potential compromise of data. A credit report can help consumers with reconciling historical inconsistencies.
- Credit monitoring: Credit alerts can provide consumers with insights into key changes on their credit file and can serve as a fraud detection mechanism. For example, if a new credit inquiry was originated or a new credit product was opened.
- Providing customers access to online educational resources: Understanding how to spot potential identity theft, and some steps to take to help remediate, are important pieces of information for consumers to be aware of — both before and after personal information may have been compromised.
- Identity theft insurance: This can provide consumers with “peace of mind” by providing some financial compensation should they be a victim of identity theft.
- Dark Web monitoring: Dark web monitoring is a key feature in identity theft prevention, scanning the internet for a consumer’s personal or financial information on the dark web and receiving alerts if any data is found can be helpful for identity theft detection.
Data can help organizations identify patterns and trends that can assist with leading you to potential sources of the breach and help you with determining its potential scale. You can also be in a stronger position to identify and remedy vulnerabilities that may have exposed you to the breach. To help show you’re taking action and responsibility, you should implement a communication plan that targets to inform impacted customers, before they hear the news elsewhere and lose confidence in how you’re handling the situation — and their data.
You should also have a robust remediation strategy to assist customers who may be victims of fraud, as well as to help with rehabilitation.
Use the credit monitoring alarm system
Criminals who steal personal or financial data want to monetize it as quickly as possible, potentially either by selling it to a third party or using it to apply for different credit products. Credit monitoring platforms are a powerful tool for detecting identity theft and helping consumers take action efficiently to address potentially fraudulent activities on an identity.
If your consumers are enrolled in a credit monitoring solution, they’ll receive alerts of credit inquiries made to their credit file and alerts to material changes made to their credit file, in addition to unlimited access to their credit report and score. As soon as they’re alerted to credit inquiries and changes to their credit file, they’ll be able to contact the organizations involved or the credit reporting agency, which can help the consumer investigate the situation promptly. These platforms can play a key role in your strategy.
The credit monitoring service essentially helps as an early-warning system for potential identity impersonation or fraud, which may be as a result of a data incident. If a consumer’s data has been potentially exposed and used fraudulently the consumer will be able to investigate the alert and take action. Additionally, credit monitoring can enable consumers to review the information reported on their credit file prior to receiving alerts through a credit monitoring solution.
When incorporating credit monitoring into your data breach response plan, remember that awareness and adoption are key. Educate your customers on all aspects of the monitoring service so they are better prepared to quickly identify any potential misuse of their personal information and potentially fraudulent activity on their credit file, and this can help them understand who to contact if they suspect a case of identity theft. This will assist with instilling consumer trust.
Learn more about TransUnion’s solutions
TransUnion is a global data provider that reports the financial and credit information of approximately 28 million credit-active Canadians. Our technology and data capabilities allow us to develop innovative solutions that assist organizations with breach response plans for different consumer demographics.