Firms breaching DP Act ‘play into the hands’ of fraudsters
One in five UK businesses are breaching the Data Protection Act, and a growing number admit that in the current economic climate, data protection is less of a priority. Meanwhile fraud continues to grow.
That is the view of Tim Thompson, UK MD at internet fraud prevention company 41st Parameter, who says that a balance has to be struck between compliance, business prudence and the bottom line.
He cites a recent survey conducted by BSI, the UK’s National Standards Body, which found almost one in five businesses has breached the DP Act on one or more occasions – many without even realising it. Whether they failed to hold information securely, illegally transferred information to a third party or neglected other legal obligations, these businesses put their integrity and reputation on the line.
A FraudTrack report estimates that fraud losses stood at £1.19bn in 2008. Any company or business that stores data is therefore having to go the extra mile to prove itself trustworthy with sensitive customer data, including passwords, credit card details and account numbers.
Thompson comments: “The cost of fraud is much more complicated than ‘how much money a fraudster steals’. This is too much of a short-term view. Now, more so than ever, organised ‘fraud rings’ are cashing in on an underground economy, which deals in stolen personal information.”
The BSI survey goes on to highlight that 65% of businesses provide no data protection training for their staff, nearly half admitted that there is no one in their business with specific responsibility for data protection and 18% of businesses said that data protection is less of a priority in the current economic climate.
“It is understandable that in today’s economy some businesses have elected to cut fraud training, detection and intervention budgets,” Thompson added. “Although this may save businesses money in the short term, in the long run it could prove disastrous. If a company is hit by a security breach and data is taken, not only is it highly likely that it will be hit with fraudulent actions, its reputation will quickly become tarnished, and new and existing customers will take their business elsewhere.
“The same solution that stops fraudulent transactions will stop the misuse of stolen personal details. By creating the equivalent of a fingerprint for every device attempting to log on to a bank’s site, companies and organisations can substantially reduce losses if user IDs and passwords fall into the wrong hands. Preventing stolen credentials being useful to the fraudster is just as important as stopping a fraudulent transaction.”