Equifax Breach, two years later: Lessons for the financial services industry
Posted: Jun 18, 2019 | Author:
Fallout from the breach has been a security wakeup call for lawmakers and financial services providers.
Nearly two years after the Equifax breach, the fallout is far from over. As detailed in the 96-page Senate Committee on Investigations report, serious flaws in the financial systems’ consumer data security framework were exposed.
With the call for “real and substantial consequences” for the gross negligence of Equifax, long-term personal security, as well as the security of the financial services industry, is called into question. How do we protect against fraud in the future? And how do we make things safer?
According to security researchers at DBRS, the security of the financial sector lies in the adoption of technology, specifically the financial services industry needs to move toward biometric security. Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are face, fingerprints, hand geometry, handwriting, iris, retinal, vein, and voice.
Although it is noted that no single federal agency has the authority to establish cybersecurity requirements, or to monitor whether companies adhere to the standards, there is a notable swing toward Federal Trade Commission regulation and oversight, specifically by Democratic party members. It is likely that some type of authentication feature will eventually be introduced into the credit process so that lenders can ensure that the person applying for credit is legitimate.
The Senate Committee on Investigations concluded that Equifax failed to take basic steps to protect its security system from vulnerabilities, and that “Equifax’s shortcomings are long-standing and reflect a broader culture of complacency toward cybersecurity preparedness.”
Technology for security practices are readily available and currently being used by many companies, including several federal government agencies and mega corporations like Google and Apple. The timeline for implementation is short for companies motivated to incorporate these security features and are therefore a plausible breach prevention solution.
Source: CreditUnionTimes
Subscribe
Sign up to the receive the weekly Leaguer email. Existing subscribers can manage their subscription.
