Security & Fraud

Moving To Safeguard PII, Bit By Byte And Chip by Chip

Hackers Trade Identity Data

Cyberfraud is moving beyond credit and debit cards to grab the sensitive data that sells briskly on the black market. In a recent whitepaper, Intel delved into the lure of personally identifiable information (PII) and how to protect it — even with hardware.

Breaches may seem like a daily part of life in the information age, but as Intel noted in a recent whitepaper titled “Beyond PCI Compliance: Protecting Consumer Data and Brand Reputation,” the data targeted by cyberthieves and at risk is changing. No longer are they focusing on credit and debit cards — those brazen attempts have been at least partly blunted by EMV and tokenization initiatives.

Now, hackers are increasing efforts to pilfer personally identifiable information (or PII, for short).

PII can include dates of birth, phone numbers, email addresses and other data that is not necessarily well-protected. And just as they are not well-protected, those data points are also hard to change.

And as always, stolen data has its rewards on the black market, according to Intel, citing data culled from Credit cards fetch $4 to as high as $12. Personal records that run the gamut from birth dates to Social Security numbers can run from $11 to $30. Bank accounts with high balances, which can be as high as $150,000, sport prices as high as $300. Don’t feel like building your stolen identities à la carte? Buy a whole package for $1,000. Among the most vulnerable victims are children, and their data is as much as four times more valuable than the same types of information pilfered from adults, as noted by Frank Abagnale at a Money20/20 panel discussion.

Is it any surprise, then, that customer churn has been growing at firms that report data breaches? The health industry, according to the whitepaper, sees churn as high as 5.3 percent, with financial firms at 6.2 percent.

There are other costs that can be inflicted, too, as companies in violation of the EU’s General Data Protection Regulation, which will take effect in 2018, can be fined as much as 4 percent of total annual sales.

Intel noted its own tech solutions for transactions, tied to hardware and encryption, focus on personal information and payment card data. The technology, once in place (using Intel processors), allows for the transference of data from terminal to bank servers, bypassing system memory and merchant hardware. The merchant, along with managed service providers, in turn, can monitor and react to data in real time, tailoring rewards and other programs to help boost revenues. There’s also, Intel said, the benefit of new markets that can open up for conscientious MSPs and firms that can demonstrably protect data and identity assets.

To download the full report, “Beyond PCI Compliance Protecting Customer Data and Brand Reputation,” please complete the registration form shown below:

Your First Name (required):

Your Last Name (required) :

Title (required):

Company (required):

Country (required):

Email (required):


Latest Insights: 

The Payments 2022 Study: Building A High-Performance Payments Team For Fraud Detection, a PYMNTS collaboration with Stripe, examines how digital platforms of all sectors and sizes plan to develop their anti-fraud teams as part of their their broader growth and development strategies. Drawing from an extensive survey from approximately 250 payments heads at digital platforms in the U.S. and abroad, our study analyzes how poor anti-fraud capabilities can harm platforms’ long-term growth strategies, and how they can build high-performing teams to tackle these challenges.

Click to comment


To Top