Consumer data protection laws are making their way to the US, and banks and credit unions are at the forefront of those forced to respond.
Data security is now more important than ever, as consumers come to understand that when they interact with websites, social media, and mobile applications, information about what they're searching for and who they are is being collected and shared for profit.
Complying with Privacy
Paying attention to customers' data security is no longer a choice for businesses: the United States has begun a revolution in privacy regulation. Legislation has been introduced in at least 25 states and in Puerto Rico to answer citizens' pleas for privacy and safety.
On an international level, the General Data Protection Regulation (GDPR) was adopted in 2016, creating a standard rule book for companies on how to handle the transfer of personal data inside and outside of the European Economic Area.
The first US-specific privacy law passed in California, following the GDPR's lead. The California Consumer Privacy Act (CCPA), which took effect at the start of 2020, has served as the foundation for further US legislation. According to the Association For Corporate Counsel, the CCPA protects consumer privacy and provides consumers with general “ownership rights” over their personal information, with respect to California businesses.
Beyond the Law
The amount of legislation created is largely due to the growing narrative of companies losing control of their customer data. Several massive data breaches have shaped the conversation about data security and corporate responsibility in the past year:
- Yahoo fell victim to the most massive data breach of all time, with over 3 billion accounts compromised.
- Equifax faced a data breach that involved 145 million accounts.
- Target suffered an attack in 2014, which affected 41 million customers.
What do these breaches have in common?
These are companies that we all interact with daily, and our data is continually monitored, stored and sold. The only way to safeguard and protect our privacy is to introduce protective laws for consumers and to hold companies and organizations accountable.
What does this data security revolution mean for consumers?
We will see new ways to manage our data with companies, comprehensive federal laws, and heightened awareness. Consumers can proactively work to protect their data by being smart with their passwords, using anti-malware protection, and sticking to secure wireless networks. While companies are increasing security measures and conforming to GDPR and CCPA regulation, consumers must also know what's being done with their data and practice safety.
What does this data security revolution mean for financial institutions?
Financial institutions hold the most precious consumer data and are 300 times as likely to be cyberattacked, according to the Identity Theft Resource Center. As a result, financial institutions must follow all laws and ensure they are prepared for a possible breach at any moment, if not because of financial loss and federal regulation, then because of the threat of losing their customer/member base. On average, in addition to the millions of dollars lost in a data breach, a survey by the Identity Theft Resource Center Financial noted that 12.3 percent of respondents left their credit unions and 28 percent left their banks as a result of unauthorized activity on their accounts.
To stay ahead of attacks, institutions need to staff adequately and implement strict policies to respond to threats. Attackers are using very sophisticated and creative ways to gain access to accounts. This is the best time to implement a multi-tiered security system, including a first-step implementation of Multi-Factor Authentication (MFA) to help reduce the risk of compromised accounts.
MFA requires multiple security checkpoints for consumers to access their accounts, meaning there are more barriers for attackers to get through. Instead of simply entering a password, you use your credentials and then authenticate using a secondary, separate method, usually a one-time code or PIN that is sent to a registered device or address, like your phone or email. Microsoft claims that MFA can block over 99.9 percent of account compromise attacks.
The use of MFA combats the ability of attackers to use their usual weapons, like pharming and keylogging, and provides an institution with tools to protect its consumers, regardless of consumer vulnerabilities like overused passwords or infected computers.
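The one-time-code step described above, as an added example (not code from this article or from any vendor): after the password check succeeds, the server issues a short-lived code for the registered device and accepts it only once. The 6-digit length, 5-minute lifetime, 3-attempt limit and the SecondFactor name are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed policy: a code is valid for 5 minutes
MAX_ATTEMPTS = 3    # assumed policy: wrong guesses allowed before the code is burned


class SecondFactor:
    """Issues and verifies one-time codes for the step after the password check."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [sha256(code), expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Store only a digest so a leaked session store does not reveal live codes.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        """Create a fresh code; the caller delivers it to the registered device."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self._pending[user] = [self._digest(code), self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, user, submitted):
        """Return True only for the current, unexpired, unused code."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]          # expired codes are discarded
            return False
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[user]          # single use: a replayed code fails
            return True
        entry[2] -= 1                        # count the wrong guess
        if entry[2] == 0:
            del self._pending[user]          # too many guesses: require a new code
        return False


if __name__ == "__main__":
    mfa = SecondFactor()
    code = mfa.issue("member-1001")          # constructed sample user id
    print(mfa.verify("member-1001", code))   # first use succeeds
    print(mfa.verify("member-1001", code))   # replay of the same code is rejected
```

A password captured by a keylogger is not enough here, because the code changes on every login and is delivered out of band.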
What does it mean for other parties, like aggregators, needing to access data?
Fintechs have a unique need to selectively share consumer data with third-party applications while ensuring the security of their connection. Fintechs that want to eliminate variability take a holistic approach within an ecosystem: a simple solution to combat vulnerability and optimize efficiency, reducing costs and fostering faster innovation.
This ecosystem approach for financial institutions is referred to as open banking, and its purpose is to foster the movement of data seamlessly and securely between different customer-centric partners and platforms. Across ecosystem partners, development and implementation are congruent, enabling connectivity without barriers and an all-encompassing suite of capabilities, backed by secure data connections and trusted methodologies.
Financial institutions and fintechs are poised to change the financial industry, given new abilities to integrate, innovate and grow with their customers and members. With these new technologies and innovations, paired with emerging legislation, also comes a greater need to keep consumer data safe. Through intentional design and a safety-first ideology, banks and credit unions can meet the needs of data security through mechanisms like MFA, or by joining a technology ecosystem that automates and secures all data and development, so institutions can focus on what really matters: consumer financial awareness and trust.