OBSERVATIONS FROM THE FINTECH SNARK TANK
What did you do when you heard about the 50th (or whatever number it was) data breach that occurred this week? Chances are you did two things: 1) Wondered if it impacted you, and 2) Went back to doing whatever you were doing. We’ve become numb to identity theft and fraud. Many consumers believe that “all of my data is already out there” (which is nonsense—if all of your data was “out there” already, there would be no more data breaches). It’s a pain in the neck to track and respond to all the breaches that occur.
A new website and service from Breach Clarity makes the process easier and better—for both consumers and banks.
Fraud and Identity Theft Prevention Efforts Fall Short
The responses from breached companies are predictable: Offer free credit monitoring or identify theft insurance for customers impacted by the breach. These approaches don’t work as well as advertised, however:
- Credit monitoring isn’t a panacea. Many people lock their credit because they have no plans to borrow. For some other consumers, their exposure to data breaches may put them at greater risk of fraudulent deposit account origination, not credit. Credit monitoring won’t help either group—credit monitoring isn’t helpful for deposit account fraud or existing account fraud, which makes up the lion’s share of all ID theft and fraud.
- Identity theft insurance doesn’t pay (out). Regulators have found that ID theft insurance—which often ranges from $1 million to $10 million—rarely pays out. A study from the US General Accounting Office (GAO) revealed, “Some identity theft service providers acknowledged that identity theft insurance is of limited value to a consumer and that it was hard to imagine covered losses approaching the $1 million limit.”
- Dark web monitoring has limitations. A recent audit of the dark web estimated that there are 15 billion stolen logins from 100,000 breaches available on the dark web. But not all breached data finds its way to the dark web (the Anthem breach is a good example). And what you find there on a Monday might not be there on Tuesday.
Shortcomings of Existing Approaches
Overall, monitoring approaches:
- Only tell consumers what data has been exposed. They don’t tell people what to do about it.
- Address a limited number of types of fraud. There are 12 types of fraud. Can you name them all? I didn’t think so.
- Aren’t personalized. Many people don’t realize that they have a unique level of identity theft and fraud risk that results from their data breach history.
A New Way To Address Fraud and Identity Theft
A new company called Breach Clarity may have a better approach.
The company analyzes every publicly reported US data breach based on more than 1,000 factors, then computes a score for each breach and provides consumers with recommendations on what they should do.
Earlier this year, the company launched a site that offers consumers free access to a searchable database of more than 4,000 breaches (growing at an average rate of 50 breaches each week). For each breach, Breach Clarity reports:
- Breach severity. Breach Clarity’s Richter scale-like score is based on the scope and scale of breach.
- Identity risks impacted. Overall, Breach Clarity tracks 12 different types of identity risk including card fraud, Covid scams, account takeover, credit origination fraud, tax refund fraud, and seven more types of risk.
- Prescriptive actions. The company advises consumers on what they can and should do about the specific breach including controls like setting up two-factor authentication, fraud alerts, and activity alerts.