OBSERVATIONS FROM THE FINTECH SNARK TANK
What did you do when you heard about the 50th (or whatever number it was) data breach that occurred this week?
Chances are you did two things: 1) Wondered if it impacted you, and 2) Went back to doing whatever you were doing.
We’ve become numb to data breaches. Many consumers believe that “all of my data is already out there” (which is nonsense—if all of your data was “out there” already, there would be no more data breaches).
It’s a pain in the neck to track and respond to all the breaches that occur.
A new website and service from Breach Clarity makes the process easier and better—for both consumers and banks.
Fraud and Identity Theft Prevention Efforts Fall Short
The responses from breached companies are predictable: Offer free credit monitoring or identify theft insurance for customers impacted by the breach. These approaches don’t work as well as advertised, however:
- Credit monitoring isn’t a panacea. Many people lock their credit because they have no plans to borrow. For some other consumers, their exposure to data breaches may put them at greater risk of fraudulent deposit account origination, not credit. Credit monitoring won’t help either group—credit monitoring isn’t helpful for deposit account fraud or existing account fraud, which makes up the lion’s share of all ID theft and fraud.
- Identity theft insurance doesn’t pay (out). Regulators have found that ID theft insurance—which often ranges from $1 million to $10 million—rarely pays out. A study from the US General Accounting Office (GAO) revealed, “Some identity theft service providers acknowledged that identity theft insurance is of limited value to a consumer and that it was hard to imagine covered losses approaching the $1 million limit.”
- Dark web monitoring has limitations. A recent audit of the dark web estimated that there are 15 billion stolen logins from 100,000 breaches available on the dark web. But not all breached data finds its way to the dark web (the Anthem breach is a good example). And what you find there on a Monday might not be there on Tuesday.
Shortcomings of Existing Approaches
Overall, monitoring approaches:
- Only tell consumers what data has been exposed. They don’t tell people what to do about it.
- Address a limited number of types of fraud. There are 12 types of fraud. Can you name them all? I didn’t think so.
- Aren’t personalized. Many people don’t realize that they have a unique level of identity theft and fraud risk that results from their data breach history.
A New Way To Address Fraud and Identity Theft
A new company called Breach Clarity may have a better approach.
The company analyzes every publicly reported US data breach based on more than 1,000 factors, then computes a score for each breach and provides consumers with recommendations on what they should do.
Earlier this year, the company launched a site that offers consumers free access to a searchable database of more than 4,000 breaches (growing at an average rate of 50 breaches each week). For each breach, Breach Clarity reports:
- Breach severity. Breach Clarity’s Richter scale-like score is based on the scope and scale of breach.
- Identity risks impacted. Overall, Breach Clarity tracks 12 different types of identity risk including card fraud, Covid scams, account takeover, credit origination fraud, tax refund fraud, and seven more types of risk.
- Prescriptive actions. The company advises consumers on what they can and should do about the specific breach including controls like setting up two-factor authentication, fraud alerts, and activity alerts.
Breach Clarity’s approach goes beyond just providing information and advice. By analyzing the types of data that were breached, the firm can predict what types of financial crimes could be committed in the future.
Breach Clarity’s Secret Weapon: Bank Integration
Breach Clarity has a hurdle to overcome, however: Consumers aren’t likely to check a website every week to see what breaches occurred and what to do about them.
The startup has an answer to that: It’s integrating its identity protection services into banks’ digital banking platforms.
Integrating identity protection services into the digital banking platform:
- Makes it more convenient for consumers (especially those who use their bank’s mobile banking app multiple times a week) to monitor and respond to data breaches, and
- Enables banks to better personalize recommendations for consumers’ unique risks.
Banks To The Rescue?
Banks need to take the reins back from the credit reporting agencies when it comes to providing consumers with guidance and assistance in preventing and managing identity theft and fraud.
Banks should view identity protection as a component of financial health, and bolster their digital apps and websites with identity safety tools to complement free credit scores and financial calculators.
For banks, it’s more than just doing some nice for their customers—it’s an opportunity to reduce costs for:
- Fraud. Banks spend roughly $40 billion in fraud. Driving more consumers to adopt two-factor authentication and other actions that prevent identity theft, banks should see a reduction in that expense.
- Customer support. Not included in that $40 billion estimate is the cost of supporting consumers who are fraud victims of fraud. One out of every two breach victims has called their bank’s call center for support.
There may be a revenue angle for banks, as well. Although they would incur a fee to integrate Breach Clarity (which could be more than offset by reductions in fraud expenses), customers who upgrade to Breach Clarity’s premium service could generate non-interest income for banks in the form of a revenue share.