Identity theft and data breaches of credit card companies, banks, payment processors and other financial institutions have become an increasingly serious problem. Financial data is extremely sensitive and breaches expose the institution to liability, disrupt customers’ financial needs and threaten the integrity of the overall financial system. While these institutions have among the most sophisticated security infrastructure available, breaches still do occur.
Federal government regulators recognize this, and an alphabet soup of agencies are involved in financial system regulation. The most recent form of regulation comes in the Dodd-Frank law. While the law focuses primarily on curbing banking excesses such overly-aggressive foreclosure policies and other predatory practices, it also includes provisions related to data security.
The Dodd-Frank Legislation also requires financial institutions to implement formal, written identity theft protection plans “designed to detect, prevent, and mitigate identity theft in connection with certain existing accounts or the opening of new accounts,” (via Hunton Privacy Blog).
Financial institutions must ensure their remote access policies are designed with best practices in mind and not simply to meet a slew of government regulations. A common complaint among security teams at banks, for example, is that they spend so much time keeping track of and following government regulations, they have neither the time nor the budget to put in place security best practices. This needs to change.
But responsibility for security rests with consumers too. Consumers must follow the security practices dictated by banks, create strong passwords, and be especially careful when accessing financial information from a public computer.
What do you think? How can financial institutions security teams both meet government regulations and pursue best practices? To what degree does responsibility rest with consumers? We’d like to hear your opinions.
You must be registered in order to write comments. To register as a new user click here.
If you're already registered, please leave a comment here