Breaches may seem like a daily part of life in the information age, but as Intel noted in a recent whitepaper titled “Beyond PCI Compliance: Protecting Consumer Data and Brand Reputation,” the data targeted by cyberthieves and at risk is changing. No longer are they focusing on credit and debit cards — those brazen attempts have been at least partly blunted by EMV and tokenization initiatives.
Now, hackers are increasing efforts to pilfer personally identifiable information (or PII, for short).
PII can include dates of birth, phone numbers, email addresses and other data that is not necessarily well-protected. And just as they are not well-protected, those data points are also hard to change.
And as always, stolen data has its rewards on the black market, according to Intel, citing data culled from Bankrate.com. Credit cards fetch $4 to as high as $12. Personal records that run the gamut from birth dates to Social Security numbers can run from $11 to $30. Bank accounts with high balances, which can be as high as $150,000, sport prices as high as $300. Don’t feel like building your stolen identities à la carte? Buy a whole package for $1,000. Among the most vulnerable victims are children, and their data is as much as four times more valuable than the same types of information pilfered from adults, as noted by Frank Abagnale at a Money20/20 panel discussion.
Is it any surprise, then, that customer churn has been growing at firms that report data breaches? The health industry, according to the whitepaper, sees churn as high as 5.3 percent, with financial firms at 6.2 percent.
There are other costs that can be inflicted, too, as companies in violation of the EU’s General Data Protection Regulation, which will take effect in 2018, can be fined as much as 4 percent of total annual sales.
Intel noted its own tech solutions for transactions, tied to hardware and encryption, focus on personal information and payment card data. The technology, once in place (using Intel processors), allows for the transference of data from terminal to bank servers, bypassing system memory and merchant hardware. The merchant, along with managed service providers, in turn, can monitor and react to data in real time, tailoring rewards and other programs to help boost revenues. There’s also, Intel said, the benefit of new markets that can open up for conscientious MSPs and firms that can demonstrably protect data and identity assets.
To download the full report, “Beyond PCI Compliance Protecting Customer Data and Brand Reputation,” please complete the registration form shown below: