article

Inside the Equifax Fallout: Painful Takeaways, Future Regulation, and the Partner’s Role

Shutterstock

Data Breach

… access social media accounts opens up the possibility of posing as the victim for phishing purposes.

“The lesson that we believe you can learn from that is don’t use very weak passwords and definitely don’t use your identity on non-corporate systems, because it absolutely exposes you to the possibility of being coerced,” Liff said.

The End of SSN?
AvePoint's Dana Simberkoff

AvePoint’s Dana Simberkoff

Dana Simberkoff, AvePoint‘s chief risk, privacy and information security officer, says the stolen social security numbers represent one of the most understated problems in data protection. She argues that social security numbers and birthdays are an outdated method of identifying someone.

“And this is something that we’ve known is a risk for a really long time, and the fact that this is still a way that we handle identity — that should be talked about more. Because we have much more secure ways of doing it, and still today all these years later, your social security number and your birthday [are] the keys to unlock your identity. Not only online, but around your doctor’s offices and all kinds of places, and it just shouldn’t be anymore,” she said.

Simberkoff says there are plenty of authentication alternatives to using social security numbers as identifiers.

“The iPhone is coming out with facial recognition technology. We have all kinds of two-factor authentication that we can do through computers, through our fingerprints, through biometric data,” she said. “We have so many different options for identifying who a person is in a way that is far less likely to be compromised than a paper.”

David Liff agrees that biometrics could be the best way to identify customers. And he says change is already on its way in many major firms.

“Post-Equifax, many of the banks that issue credit cards already started to consider what other points of data they can use that have not been collected centrally,” he said.

Regulation

Experts suggest that America is on track to follow the path of Europe in the area of customer data compliance. Although measures like mandatory breach reporting exist in the U.S., companies across the pond must keep in line with far more stringent measures when handling their clients’ personal information.

“If you go to a restaurant in the U.S.A. today, you give your credit card in the bill to the waiter, who walks off with your credit card. In Europe there are regulations that say that cannot happen,” Liff said.

The European Union will soon implement the General Data Protection Regulation (GDPR, which you can learn more about in further detail), which could be a template for …

Pages: Previous 1 2 3 Next


Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 61643