In the wake of the massive hack of Equifax, U.S. banks are leveling up their anti-fraud game in response to the fact that 143 million Americans have now had their official data stolen. That is about half of the population of the U.S. — and the vast majority of the adult population.
Executives at Citigroup and Wells Fargo have both noted that customers will now have to put up with a host of new security checks, as the risk of identity theft just increased monumentally.
And that is really saying something, since it was a pretty big problem before — worth an estimated $16 billion a year in the U.S.
“You’ve got to put on some additional screening to make sure that you really are dealing with the person who they purport to be,” said John Gerspach, chief financial officer at Citigroup, according to The Financial Times. “We’ve got other techniques and other questions we can ask that are not part of the database that’s been breached.”
John Shrewsberry, chief financial officer at Wells Fargo, said, “There will have to be incremental precautions” following the Equifax data loss.
Now facing the reality that many SSN-based security measures have been compromised fundamentally, banks are looking at others ways to authenticate — and looking at the firms that provide that ability.
“A lot the banks are saying it’s a lightbulb moment for them,” said Vijay Balasubramaniyan, co-founder of Pindrop, which analyzes voices to prevent phone fraud. “If you look at the information that got out, it’s everything banks use to identify you.”
Moreover, he said, most of the tools built to protect users from account takeover and identity theft are seriously thwarted by the power of the Social Security number — in concert with the other data thieves took.
“It can all be bypassed by providing information, such as [one’s] birthday and Social Security number,” said Alex Heid, chief research officer at SecurityScorecard. “That’s where the core of the problem is.”
Banks are actively seeking out other information and data on consumers in an attempt to fix authentication — particularly like the kinds of things that hackers would find hard to imitate (how fast one types or how one holds a phone, for example). Consumers are also notably putting additional locks and freezes on their credit — though Citigroup’s John Gerspach notes that is of limited effect.
“While the number of locks and freezes has grown a lot [after the Equifax hack], it is still a relatively small percentage of the overall credit population,” said Gerspach. “So, it really hasn’t had a significant impact as yet on our ability to acquire customers.”