23 October 2020
Barnes & Noble, the US bookseller, has become the latest brand to notify its customers about a data breach.
Customer email addresses, billing and shipping addresses, telephone numbers, and order histories may have been exposed during the breach.
But does anybody care? Does ‘data breach fatigue’ mean that most people take little to no notice of such occurrences? When iProov completed a consumer survey earlier this year, it showed that 39% of UK consumers and 36% of Americans who had experienced a data breach have now taken the attitude to “just put up with it” when it happens. 10% and 12% respectively went even further and said the breaches “don’t bother me”.
Why is this? Is our assumption that nothing really bad can happen – the database was stolen, criminals might now know our names, addresses, email addresses and what books we bought. It’s a retailer. As long as my bank account is secure, I’m OK – right?
Wrong. It doesn’t matter if a criminal steals your email address from your bank or from the tiny website that you used once to buy a Hallowe’en outfit for a pet dog – an email address is an email address and chances are that you’ve used it elsewhere. If criminals can break into enough weak databases, they can acquire pots of data that can be pooled. That pooled data can then provide enough information on you to give your own mother a run for her money.
iProov does two things to limit the impact of data breaches.
Firstly, we ensure that stolen data cannot be used to create bank accounts or apply for credit cards. Stolen data is always a means to an end, whether that’s money laundering, theft, or malicious intent. Money laundering relies on being able to open bank accounts using stolen identities or fake names.
But criminals cannot steal your physical face. Genuine Presence Assurance from iProov is used by banks and other enterprises to make sure that online accounts can only be opened by a live human being, whose face matches the image held in a trusted identity document and who is genuinely present at that very moment to complete the authentication. If banks are using Genuine Presence Assurance, stolen identity data cannot be used.
Secondly, we ensure that ongoing authentication is secure. If a criminal attempts to take over a consumer’s existing account using stolen data – a bank account, an Ebay or other retail account, or any kind of account – they can’t do it if the business or service in question insists on an iProov verification for sensitive or flagged transactions. Again – the criminal can’t steal a physical face, so iProov stops them from taking over the account and doing any damage.
“Data breach fatigue is a worrying trend, because as consumers are losing interest in data theft, criminals are getting better and better at it,” says Andrew Bud, CEO of iProov. “The implications of breaches are severe: global crime is being facilitated through money laundering, while consumers, businesses and governments are losing millions of dollars through fraud due to identity theft every year. We need to stop seeing it as an occupational hazard of living and working online.”
“With Genuine Presence Assurance, banks, governments, healthcare providers and other organizations can protect themselves and their customers against fraud, while also playing their part in preventing money laundering and other organized crime.”
Stats from our survey on data breach fatigue
60% of consumers have had to change a password after a breach
37% of those have had it happen 3 times or more
51% get annoyed about it but 37% say they ‘just put up with it’ and 11% say it doesn’t bother them
36% have had to cancel a debit/credit card because of a breach.