Taking data breaches personally
/Jim Van Dyke is Senior Principal of Innovation at TransUnion and a top analyst on the impact of data breaches. He was the CEO and founder of Breach Clarity, which was acquired by TransUnion.
Despite overwhelming public concern about the vulnerability of personal data, many people don’t take the most basic actions to protect themselves against identity crime and financial fraud. That said, research shows inaction isn’t caused by apathy but rather confusion. When offered clear guidance, consumers are more than willing to address those threats.
As trusted organizations expected to protect personal information, financial institutions are perfectly positioned to help consumers better respond to the risks posed by data breaches and subsequent cybercrimes that occur in their wake.
Why are financial institutions uniquely suited to help consumers with this task? Since they’re already situated as agents of financial wellness, adding this new dimension to their offerings helps deepen relationships with today’s financial customers who seek increased customization. As personalization continues to emerge as a core capability in financial services, technology provides new ways to more precisely manage identity risks — a top concern found in TransUnion’s ongoing consumer surveys.
Data breaches are reshaping individual risks daily
People often don’t take the actions needed to address core concerns, a reality most financial institutions recognize. While this inaction can be labeled apathy or even laziness, TransUnion research arrives at a different conclusion when it comes to identity risks and resulting financial fraud.
People are simply confused and overwhelmed, and how can we blame them?
Data breaches are now so common, massive leaks only create brief blips in the news cycle. Consumers aren’t always sure what they should do — or if their actions will matter. Our ongoing analyses show the severity of data breaches has amplified, raising the stakes for consumers. At the same time, the availability of valuable guidance is scarce.
Unfortunately, there is no cookie-cutter prescription to help consumers protect themselves. No two individuals face the same threats, since each consumer’s risk is often shaped by how their personal data has been compromised. Used in different combinations, that information can bring risks across a broad spectrum of potential crimes, extending beyond common scenarios people worry about like credit card fraud or financial account takeovers.
Artificial intelligence, however, can open new doors, helping financial institutions fend off threats.
Understanding personalized identity risk
AI’s ability to ingest and analyze vast amounts of data creates tremendous opportunities for security insights. By processing details from publicly reported data breaches and dark web feeds, these tools can calculate a personalized identity risk score for every financial consumer based on their unique breach history.
This identity risk score gauges the likelihood that an individual may fall victim to identity crimes. It’s derived from a detailed analysis of how exposed identity credentials, such as a person’s name, Social Security number (SSN), payment card information or birthdate, can elevate their risk exposure to 12 distinct identity crimes. Those four identity credentials are just some of more than 1,000 pieces of information that can be considered.
Fraud patterns can be reverse engineered by examining the specific identity credentials exposed in various breaches. For instance, an exposed SSN significantly raises the risk of crimes like new credit fraud, existing deposit account takeover and tax refund fraud. But it doesn’t necessarily raise the risk of payment card account fraud since SSNs aren’t required to approve payment card transactions.
Just as consumers can use credit scores to guide their credit health, a personalized identity risk score can provide guidance to reduce the individual’s risk if clear and concise recommendations on how to improve their score are provided. If an individual's top predicted risk is tax refund fraud, they can prioritize securing an identity protection PIN from the IRS and file their tax return promptly. Meanwhile, an individual who is at risk of financial account compromise can adopt stronger passwords and enable multi-factor authentication.
Our data shows when provided in the right context, this personalized information can be an antidote to inaction — empowering individuals to take control of their identity security and empower them with a toolkit that can improve their dynamic risk score in real time.
From one to many
Ultimately, personalized identity risk assessments are about more than the individual. They foster security-conscious attitudes and behaviors that can improve the overall vulnerability landscape, making it more difficult for cybercriminals to succeed.
Personalized guidance helps individuals confidently and effectively navigate the ever-evolving threat landscape. As more people understand the risk environment and take action, the ripple effect enhances the security of the broader financial ecosystem, benefiting everyone.