Electronic Payment Security

Are Local Governments Doing Enough to Manage Risk and Meet Citizen Expectations?

(This article is republished from The Alliance for Innovation’s December 2014 Solutions Journal.)

High profile breaches at Target, Home Depot, P.F. Chang’s, Staples, and many others have put credit card security in the spotlight. In a recent broadcast, 60 Minutes called 2014 the “year of the data breach.” That label might apply in 2015 as well, since the issue isn’t improving fast enough.

Cybercrime is increasing at an alarming rate with no sign of slowing down; cyber incidents quadrupled from 2008 to 2013. A report released in June, by the Center for Strategic and International Studies, estimated the likely annual cost of cybercrime and economic espionage to the world economy at more than $445 billion — or almost one percent of global income.

The consequences of a data breach to an individual organization are massive. For example, the direct costs of the December 2013 Target breach will top $1 billion. Of course, that cost doesn’t take into consideration the damage to Target’s reputation with the general public.

Many Target customers dealt with the hassle of having to closely monitor their credit and get their cards reissued. Approximately two million customers actually had their credit card information sold on black market web sites. Their tarnished image and a 46% drop in profits following the breach ultimately led to the resignation of Target’s CEO and other key executives.

While data breaches at large retailers garner most of the media attention, government agencies are also in the crosshairs of cybercriminals. Rapid7, a security intelligence company, reported that between January 2009 and May 2012, 94 million records were compromised in government data breaches. As was the case in the Target and Home Depot instances, many of these breaches can be traced directly to international crime syndicates in Russia, China, and Eastern Europe.

A mid-sized city in the Midwest recently had its website and databases hacked by a Turkish group targeting government sites; thereby compromising names, addresses, Social Security numbers, and possibly credit card data. It was embarrassing and costly for the city, which had to handle thousands of calls from frustrated citizens as well as deal with the negative press. What’s more, the city then had to expend time, resources and money to rectify the breach including free credit freezes (which, at $5 per person, add up very quickly) for the affected citizens.

Unfortunately, this isn’t an isolated example. According to the Verizon 2014 Data Breach Investigations Report, breaches from malicious hacking, malware, and social engineering attacks have gone up a mind-boggling 500% in the last four years. The reasons for these increases are simple:

  • Ineffective, easily penetrable security systems that leave businesses vulnerable
  • Highly profitable returns for criminals; and
  • Understaffed, technologically-disadvantaged law enforcement unavailable and/or unable to apprehend and prosecute criminals.

The bottom line is that there are burgeoning numbers of cybercriminals out there and their numbers will continue to grow as opportunities increase. Like any offense, data breaches are a crime of opportunity; albeit a virtual one.

John Schott

Vice President

With more than 20 years of experience, John has worked with hundreds of billing organizations across North America. John is an expert in usability and is a frequent speaker on the topic of paperless billing and electronic payment best practices, including strategies for customer adoption, security and compliance, staff productivity, and process and technology optimization.