Logo

Site non disponible sur ce navigateur

Afin de bénéficier d'une expérience optimale nous vous invitons à consulter le site sur Chrome, Edge, Safari ou Mozilla Firefox.

adnews

Data Security: Authentication and Customer Data

  • According to Javelin’s Annual Banking Identity Safety Scorecard, US financial institutions might not be paying enough attention to their customers’ data: many are still using Social Security Numbers in authentication contexts. Also, this report insists that banks’ fraud prevention has worsened over the years: only 54% now meet with this study’s criteria –versus 79% in 2009.
  • None of the investigated institutions actually forbids the use of Social Security Numbers when dealing with customer authentication by phone, by e-mail or online.
  • However, these numbers are prime targets for fraudsters and their repeated use might compromise their value.
  • The issue of data security is currently being debated internationally. A recent KPMG study on users’ behaviour based on 10,000 responses from 31 countries, shows that their habits are still worrying. While two-third would agree to use e-purses and 56% say they do trust their bank, 66% would readily share some personal pieces of information in exchange for special offers. Yet, paradoxically, they still feel concerned about the security of their data.
  • The same study shows that 30% of those interrogated trust e-commerce websites. To this respect, according to SecuriyMetrics, 71% of these websites had unencrypted payment card data stored in their systems in 2011 (8% more than in 2010). Some non-PCI-DSS-compliant websites even seem not to be aware of how illegal and dangerous this storage is.
  • Also paradoxically, a UK-centred study released by Experian explains that Internet users are irritated when having to wait over four minutes to complete authentication processes on e commerce websites: 44% would then drop their purchases. The transaction security/customer satisfaction ratio is uneasy to balance and, to be successful, the implemented measures must envisage both these aspects of online interactions.
  • Finally, this month’s headlines have featured the potential hacking of security company Stratfor, working with large scale customers such as the U.S. Defense Department, Army, Air Force, as well as with industry giants (Apple, Microsoft, etc.). There again, card data would have been retrieved due to alleged poor encryption measures (or lack thereof).