Data Breaches: A Resurging Threat for Credit Unions and Members
By Roy Urrico
Data breaches, a feeding ground for identity crime, continue to present a looming threat to organizations everywhere. Even though 2020 brought a downturn in the number of incursions, and people impacted, they never disappeared entirely and are now showing a resurgence in 2021. What are the threats to credit unions and how can they help protect members against the threat presented by breaches? BreachIQ, powered by a patented, artificial intelligence-driven algorithm, offers some help.
Boston-based Sontiq, which provides intelligent identity security (IIS), announced in March 2020 the acquisition of data breach intelligence fintech Breach Clarity. As a result of the acquisition, Sontiq’s products – IdentityForce, Cyberscout, and EZShield – all built on its tech-enabled IIS Platform, now have the capability of BreachIQ, which provides an AI-driven and proprietary personalized risk score along with actionable next steps based on unique data breach histories.
“It is becoming clear that consumers and the organizations that serve them desperately need clearer, more detailed information about the impact of data breaches to better safeguard their identities,” said Sontiq President and CEO Brian Longe in the acquisition announcement. “Consider our physical health; we wouldn’t accept generic health advice from a doctor. The same expectation for personalized protection must go for our digital health. BreachIQ provides the kind of analysis individuals aren’t getting anywhere else, and have gone without for too long.”
Jim Van Dyke, senior vice president, digital financial wellness, at Sontiq remarked, “Consumers’ sensitive personal information is exposed daily, and it is increasingly difficult for them to monitor who has their data and where it’s being leaked.”
Van Dyke, a co-founder of Breach Clarity, provided some insight into the challenges facing credit unions.
The Credit Union Breach Issue
Van Dyke acknowledged that over the past year or so hackers took advantage of the pandemic and resulting chaos. “Eventually that is where the criminal is trying to go. Anytime there is a humanitarian crisis, which of course COVID-19 is, it is no different than say an earthquake, a typhoon or a famine, bad people love to hide in the panic.” He noted despite the slight drop in hacks in 2020, breaches increased during the first quarter of 2021.
There were 1,108 publicly reported data breaches in 2020, down 19% compared to 2019, with 300.5 million individuals affected, down 66 % over 2019, according to the El Cajon, Calif.-based the Identity Theft Resource Center. In the first quarter 2021, the ITRC tallied 363 reported compromises in the U.S. compared to 325 compromises in the fourth quarter of 2020. The number of individuals impacted climbed significantly more with almost 51 million in quarter one 2021, versus 8 million in quarter four 2020. Financial services alone accounted for 51 breaches and more than 1.7 million individuals in the first quarter.
Data breaches put consumers and businesses at risk for identity scams, including financial identity theft, which is the most common form of ID theft. This is when a scammer uses someone else’s personally identifiable information for financial gain, such as through account takeovers.
Van Dyke advised credit unions to refocus on defense basics and a couple of breach truisms: “First the breaches that cause credit union and member losses are generally not occurring at the financial institution, they're occurring somewhere else. The second is the criminal wants to get into the deposit accounts or the card accounts, or even taking over a loan or something like that.” In 2018 LexisNexis Risk Solutions reported every dollar of fraud costs credit unions and other financial services providers approximately $2.92 in fees, fines, interest, labor and other expenses.
Van Dyke explained credit unions generally do a good job securing data. He suggested credit unions look for a return to protection against traditional types of fraud, and give their members solutions that help them simplify their protection choices. However, the overwhelming amount of protection advice offered blurs the message and confounds account-holder decision making.
“There are 51 different kinds of advice that consumers are commonly getting. They cannot possibly decide which actions are most important for them to focus on right now, based on their unique threats,” Van Dyke advised. “What we do is simplify that.”
Raising Members’ BreachIQ
Van Dyke explained that BreachIQ analyzes more than 1,300 data points to curate a breach score based on the severity and risks of a publicly reported data breach. From a personalized perspective, BreachIQ combines the potential impact from multiple breaches related to an individual’s personal information. Then, it calculates the steps the individual has taken to mitigate additional breach exposure. From there, BreachIQ produces a proprietary, highly personalized risk score, which updates with each breach incident. Sontiq expects as BreachIQ becomes available to more users, its data and trend information will yield a richer data set with more robust insights.
“We look at people's breach history, which we find from the dark web, from their email address. And we figure out where they have been breached and what action steps they need to take.” He noted some of the most powerful actions could take place right at the credit union, because getting into deposit and card accounts are among criminals’ ultimate targets. Consequently, account holders can take action such as turning on two-factor authentication or setting up alerts, or other security options members have not yet enabled.
According to Van Dyke, the keys to BreachIQ are simplification, personalization and finding the right security prescription This approach, he adds, can help cut credit union losses and creates value through higher and safer digital engagement, and member interaction. “It all centers around, security, this is a great way for credit unions to get higher return on investment from their existing technology.”
The original Breach Clarity value proposition was to deliver services safely, added Van Dyke. “Then you combine this with what Sontiq does, and integrate them into our digital banking stack and it's going to be a lower cost and a higher value.” Among clients lining up to implement BreachIQ is the $5 billion Vernon Hills, Ill. BCU, formerly known as Baxter Credit Union.
The acquisition of Breach Clarity marked an active first quarter for Sontiq. Since January 1, 2021 the company also announced the acquisition of Cyberscout, which provides products and services to the insurance market; launched its next-generation IIS platform; and revealed a patent-pending online reputation management capability, RepIQ. Sontiq’s brands, IdentityForce, Cyberscout and EZShield provide a full range of identity, cyber monitoring, restoration, and response solutions and services.
In other Sontiq news, Jeremy Haas, a former CIA Cyber Officer and U.S. Government Security Expert, joined Sontiq as Chief Technology Officer.