After Massive Data Breaches, Businesses Move to Make ID More Personal

Keeping ahead of data hackers will mean new ways of verifying ID.

ByABC News
October 19, 2014, 6:32 AM
The data breach at JP Morgan Chase may put you at risk of a phishing attack.
The data breach at JP Morgan Chase may put you at risk of a phishing attack.
Sami Suni/Getty Images

— -- Increasingly, legions of sophisticated hackers are infiltrating the most state-of-the-art data security strategies out there. The recent data compromises at Kmart and JPMorgan are in no way similar, except they share a common enemy. And while free retina scanners are probably a stretch, biometrics – the use of your biological data like fingerprints -- may well be the next “less hackable” thing.

During what will doubtless be a relatively brief window of opportunity before biometrics make the move from being “poised to replace older forms of authentication” to “the new normal,” there is a marketing advantage, which is why it’s crucial for companies that handle sensitive information to get in front of the trend.

The cost of a data breach is terrifyingly high. Home Depot estimates that the massive data breach that affected 56 million customers this summer will cost the company several hundred million dollars—and that’s the figure they are using to assuage fears on the Street. The reality is probably much higher. Target’s breach may top out at the $1 billion mark. While the jury hasn’t even been empanelled as to what the JPMorgan breach will cost, it will leave a mark that will no doubt make news down the line.

With so much to lose, the implementation of biometrics-based consumer authentication may be the cheaper option for companies that handle the kinds of information hackers find so irresistible. And as Ann Cavoukian, former Information and Privacy Commissioner of Ontario, has pointed out, “Security by Design” is a marketable value add for consumers. A few years ago that would have met with a resounding “Duh,” but as we trundle further into the dark woods of data insecurity, a slogan like “We keep you safe” has enormous appeal.

Apple appears to be working under this assumption, and the cost is built into your next phone contract. Apple Pay integrates the biometric thumb pass that was first launched as a whizbang feature on the iPhone 5S and is now available on the iPhone 6 and 6 Plus models. It’s a huge step forward in the realm of bio-specific authentication. Alaska Airlines has been experimenting with biometric thumb scans to streamline the check-in process.

While scans of body parts are promising bits of old news finding new applications in the marketplace of data rapture, there has been a fair amount of noise this week about voiceprints when the Associated Press reported on the increasingly common practice of harvesting of voice samples for later use in the identity authentication process. Apparently, the variables that made Nipper the RCA dog tilt his head at the sound of his master’s voice are as unique as the whorls and lines of a thumbprint, and just as easy to collect—if not easier. While there are some critics, voice recognition seems—for the time being—a potentially promising security protocol in the authentication process.

As companies roll out these high-tech upgrades, however, that’s no reason for consumers to be any less vigilant about protecting their identity. The 3 Ms should still be your mantra: Minimize your risk of exposure, Monitor and Manage the damage. Make yourself a harder target and know what to do if and when you become one. Keeping an eye on your credit scores and reports is one way to monitor your identity. You can check your credit reports for signs of identity theft (i.e. new accounts you didn’t open) for free once a year on AnnualCreditReport.com. And you can also track your credit scores for free every month on Credit.com.

The new reality all companies face today is that there is no such thing as a completely secure system. Whether you protect files with a voiceprint or store your most valuable data offline on vellum scrolls, at some moment in time someone somewhere is going to get around your battlements. It doesn’t matter where or how it’s kept: It can be got.

If you want to get anywhere in the penumbra of dangers out there, you have to embrace the reality of your risk and keep abreast of the latest thing that, for the time being, is keeping the snipers from hitting their mark. While the odds are forever not in your favor that you will stop your next data breach, you can contain the damage by being prepared.

The window for cashing in on the marketing potential here is limited. Apple has already grabbed more than a little of that prize, but if there is a takeaway message here, it’s to be found in the Apple model, which doesn’t lead with a security solution so much as it incorporates it.

Adam Levin is chairman and co-founder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.