Data Privacy Day: Who’s responsible for keeping customer data safe?

By Karen Wheeler, Country Manager and Vice-President, Affinion UK

Cybercrime continues to dominate the headlines, with high-profile online fraud and data breaches causing disruption across the world. The WannaCry ransomware infection became a global catastrophe, with the impact of the virus reported in 99 countries, including the UK, Spain, Russia and China. Later in the year, Equifax disclosed that around 143 million US customers may have had information compromised in a vast cybersecurity breach, with criminals obtaining Social Security numbers, birth dates, credit card details and addresses in one of the largest data hacks in history.

The WannaCry attack saw hackers exploit a weakness in legacy Windows systems and hold businesses to a bitcoin ransom by encrypting data hosted by organisations who hadn’t applied Microsoft’s latest patches. With this one attack estimated to have cost organisations $4 billion and peaking in May 2017 with 213,000 detections, it’s inevitable that the next global cyberattack is just around the corner.

A time for focusing on cybercrime

With this in mind, it’s not surprising that the 28th January now officially marks international Data Privacy Day. This annual event began in the United States and Canada in January 2008 and has now gone global, with more than 50 countries onboard. It aims to empower individuals and raise awareness about how personal customer data is used, stored and managed – as well as to encourage businesses to respect privacy, safeguard data and enable trust. This is especially relevant for financial institutions like banks and insurers, which see consumers are entrusting them with sensitive data that, if breached, could cost them hugely.

The dual focus of Data Privacy Day on individuals and organisations shines a spotlight on one of the biggest questions in the age of data security: who is responsible, and accountable, for protecting customer data? Is it customers themselves, providers or even government bodies who should be taking charge? If these questions are left unanswered, the war on cybercrime will be lost.

Empowering customers to protect themselves

With the amount of international press attention raising awareness of cybercrime, individuals are all too aware of the threat of attacks. New research by McAfee reveals that 61% of consumers are more worried about cybersecurity today than they were five years ago.

And for many, fraud isn’t just a potential threat – it’s a reality. The Symantec Internet Security Threat Report found that nearly 700 million people across 21 countries had experienced some form of cybercrime. This problem is made worse by the fact that they don’t know where to turn for help; 41% of people globally can’t identify a phishing email and often guess to an email’s legitimacy.

However, steps are being taken by organisations like the UK’s Financial Fraud Action to educate consumers to at least spot basic signs of fraudulent activity.  In 2016, the industry body launched Take Five, a national campaign offering advice to help people protect themselves from preventable financial fraud. Advice which all consumers can use to further secure their data includes never disclosing full passwords, and the warning signs to look out for in suspicious emails or texts which claim to be sent from their bank.

But this is just the start of the education process. What more can financial institutions do to help keep their customers safe from fraudulent activity?

An opportunity for financial institutions to take on a bigger role

When it comes to data security, financial institutions are arguably some of the most important businesses from a consumer standpoint. They turn to insurance providers for additional peace of mind and ensure they are covered when the worst-case scenario becomes a reality. If trust is lost due to data breaches, the relationship will be lost.

Similarly, banks exist to manage and protect people’s finances, so reducing a consumer’s exposure to financial fraud must be a core element of the business. At a time when challenger banks offer more choice for consumers than ever before, it’s important banks offer customers guidance when issues arise and do everything possible to stop them occurring in the first place.

At a time when customers have an abundance of choice, the provision of fraud prevention and resolution services could help them find a much-needed point of differentiation. They can move from the supplier of a specific service – such as a current account or house insurance – to a role in which they add value in multiple areas of the customers’ lives.

Such services would make a huge difference for the customer, especially when it comes to accessing hard-to-access areas like the dark web. The majority of customers won’t know what this is so definitely won’t know how to react if sensitive data is published here. Our recent research into the Nordic region found that 80% of Danes aren’t aware of any services and/or companies that offer help if they have been subjected to identity fraud. Clearly, knowing that the dark web is being scanned for potential breaches offers additional peace of mind. If financial institutions are adding value in this way, not only will consumers feel safe in the knowledge their data is secure but they’re also more likely to become brand advocates when the business is going the extra mile.

Turning the spotlight on data protection

Although Data Privacy Day sets out to raise awareness of cybercrime on a global scale, it’s clear that keeping customer data safe vital all year round. Raising awareness is an important first step but organisations can also offer practical advice and services that further build trust with the brand and minimises the chance of consumers switching providers.

As hackers become increasingly knowledgeable about the weaknesses available for them to exploit customers, ignoring this simply isn’t an option for financial institutions. If they can make themselves indispensable in the fight against cybercrime, they can build towards a more loyal customer base – and keep their reputations intact at a time when data breaches will quickly hit the news.

It’s time for banks and insurers to look beyond the threat and instead see the challenge and increased responsibility as an opportunity to step up and fulfil a new role in their customers’ lives – whether it’s on Data Privacy Day or indeed, any other.