On-line Security and Identity Theft
Friday, June 29th, 2007Risk management is not just about credit and market risk. As pointed out in a response to Tim Trent last March (http://www4.sungard.com/blogs/riskManagement/#comment-11) the importance of maintaining customer confidence in a bank’s on-line security is a significant reputational issue. Furthermore, the issue is not just a defensive one. Banks that are recognized as taking on-line security seriously can gain a competitive advantage as people become increasingly uneasy about identity theft and other types of fraud. Not only that, but effective security can have a significant impact in limiting the frequency of compensation payments.
Some banks learned very early that they reap a huge benefit when customers shift to on-line bill payment, since customers themselves enter the electronic information that becomes the basis for the ensuing transaction. This eliminates a great deal of internal manual entry that is both costly and error prone. For this reason, most banks quickly eliminated extra fees for on-line banking privileges, since maximizing the number of customers using this service is highly advantageous. This point needs to be remembered when it comes to weighing the cost of improved on-line security measures. Even if long-standing customers don’t switch to another bank when they are nervous about security, they still may revert to using old fashioned checks rather than banking on-line. It seems to me that progress in this area has been surprisingly slow given that there are both competitive advantages and risk control benefits from more advanced security measures.
For those interested in the specific area of identity theft and examples of both good and bad practice, an interesting website is http://www.meandmeblog.com/. Two recently featured stories concern:
- A man who was arrested for a crime committed by someone else who had stolen his identity.
- A charitable organization (which I will not name but you can find its identity at http://www.meandmeblog.com/ in the Latest Comments section) that sent out a solicitation letter to supporters with their social security numbers on the OUTSIDE of the envelopes!
Surely the second of these indicates that some “awareness enhancement” is required around the issue of securing personal information in our brave new world of electronic commerce.
(I am reminded of a cartoon I saw about ten years ago, when the web was in its infancy. It showed a Dalmatian sitting in a desk chair in front of a computer and saying to his companion standing on the floor, “The best thing is that on the internet no one knows you’re a dog.”)
