Once More Unto the Security Breach

Credit card

For the third time this year, I opened an unmarked envelope to find a new credit card glued to the insert. Actually, it wasn’t a new card. Just a replacement for my current card, now unusable because of a security breach somewhere. I’ll be amazed if this card makes it to the end of the year. Sound familiar?

Security Breaches on a Massive Scale

Huge data breaches affecting millions of American consumers seem to be happening with regularity these days. Two major recent breaches at large retailers exposed the credit and debit card numbers of some 96 million customers. Another breach at a large financial services company left the financial information of 83 million households and businesses at risk.

>> 10 Ways to Protect Yourself from Identity Theft

And that’s not to mention the dozens of other smaller breaches at stores, restaurants, schools, government agencies and health care providers that are making news around the country. So many data thefts that some worry the steady stream of bad news is leading to “ security breach fatigue,” making consumers numb to the constant loss of their data.

The Life Cycle of Stolen Data

Who is behind these security breaches, and what do they do with the information? In fact, the life cycle of stolen data follows an efficient and complex supply chain.

One group, using malicious software or other means, steals the data and sells it in bulk to wholesalers. From there, wholesalers use secretive websites to sell smaller sets of data to anyone who is willing to pay.

And how much is your good name and personal information worth to criminals? As little as $20 per account, it turns out.

After purchasing the data, thieves use the stolen information to create counterfeit cards to buy goods and services — often from businesses in the same zip code as the victim’s home. Once financial institutions block that card, the thieves switch to a different stolen account. There is no shortage of newly compromised accounts for sale.

Stopping Security Breaches

The chronic nature of security breaches has many wondering if it is possible to stop these types of incidents. It seems obvious current data protection practices are not working and need improvement. Yet, little agreement exists about who should be responsible for doing this.

Some in the financial services contend that merchants are using weak data security practices. Others suggest it is credit card and payment card system companies that must improve their security to prevent these types of breaches. In the end, everyone wants someone else to pay the costs associated with upgrading data security software and equipment.

Members of Congress have introduced three pieces of legislation requiring the use of new, and more secure, technologies to protect consumer data at private businesses. However, none of the proposed bills has garnered much support. Action on this issue in the near future seems unlikely.

The frequency of data breaches shows why legislators, regulators and the financial services industry must prioritize the development of technological advances to protect the financial information of consumers.

Image courtesy of Jasmyne Jackson


Neal Walters is a policy research senior analyst for the Economic and Consumer Security Team who publishes on topics including financial information privacy, identity theft, affordable home utilities, prepaid cards and credit reporting.



Also of Interest

See the  AARP home page for deals, savings tips, trivia and more.

Search AARP Blogs