According to a recent survey conducted by BSI, almost one in five businesses has breached the Data Protection Act (DPA) on one or more occasions – many without even realising it. Whether they failed to hold information securely, illegally transferred information to a third party or neglected other legal obligations, those businesses put their integrity and reputation on the line.
A FraudTrack report estimated that fraud losses stood at £1.19bn in 2008. Any company or business that stores data is having to go that extra mile to prove themselves trustworthy with sensitive customer data, including passwords, credit card details and account numbers.
Tim Thompson, UK managing director of internet fraud prevention company 41st Parameter, said: “The cost of fraud is much more complicated than how much money a fraudster steals: that is too much of a shortterm view. Now, more so than ever, organised fraud rings are cashing in on an underground economy, which deals in stolen personal information.”
The BSI survey went on to highlight that 65% of businesses provide no data protection training for their staff, nearly half admitted that there is no one in their business with specific responsibility for data protection and 18% said that data protection is less of a priority in the current economic climate.
“It is understandable that in today's economy some businesses have elected to cut fraud training, detection and intervention budgets,” continued Tim Thompson. “Although this may save businesses money in the short term, in the long run it could prove disastrous. If a company is hit by a security breach and data is taken, not only is it highly likely that it will be hit with fraudulent actions, its reputation will quickly become tarnished, and new and existing customers will take their business elsewhere.
“The same solution that stops fraudulent transactions will stop the misuse of stolen personal details. By creating the equivalent of a fingerprint for every device attempting to log on to a bank’s site, companies and organisations can substantially reduce losses if user IDs and passwords fall into the wrong hands. Preventing stolen credentials being useful to the fraudster is just as important as stopping a fraudulent transaction.”