Financial institutions and other companies now have a new resource at their disposal to help them combat the growing problems of fraud and identity theft. Intersections Inc. (Chantilly, Va.) and Washington, D.C.-based Identity Theft Assistance Center (ITAC) have launched BreachCenter.com, a website to help educate companies about data breach readiness.
BreachCenter.com is designed with collaboration in mind. According to John Scanlon, COO of Intersections, it's a Web 2.0 site that's built on a wiki platform. He says to think of it more as a community of interest on the Web where banks, vendors, banks' customers and others can come together to share their expertise and experiences around identity theft prevention.
However, don't expect the site to focus solely on the technology required to keep data safe. Although such dialogue is vital to breach prevention, that's not BreachCenter.com's purpose. "There are a lot of resources for financial institutions and others around how to prevent breaches using PCI, FFIEC guidance—the technical aspects of prevention," Scanlon told BS&T. "Even with the best technology, breaches can still happen. BreachCenter.com addresses the 'soft side' of breach preparedness—managing companies' response to employees, regulators and customers, and in some cases, their legal obligations."
Anne Wallace is president of ITAC and says less attention has been paid to the non-technical side of breach prevention—customer and brand issues. "These are costly issues but are not the expertise of technology people," she explains. "It's important for senior executives to understand and work this into their planning."
The site is being seeded with hundreds of pages of materials to help get the conversation started, relates Scanlon. Included among the resources are "Seven Steps to Data Breach Readiness," a guide prepared by Intersections that provides companies with information on how to lay the groundwork for effective data breach recovery; a compilation of state and federal statutes around consumer notification laws; samples of notification letters and policies; and reviews of products and providers. Other materials include republished literature, such as Anne Wallace's blogs on identity theft and information from The Open Security Foundation, a nonprofit that catalogues data breaches.
"It's a forum for people to have a dialogue where they can debate the issue of breach response," Scanlon says. "It can help financial institutions by showing them the questions they need to ask when seeking a provider of these services."
Adding to the Web 2.0 element is a Twitter group in which followers are notified on a regular basis of what's new on the site. RSS feeds of BreachCenter.com's content are also available.
Anyone is invited to participate on the site and contribute content as long as they are registered members. Financial institutions are a key audience for BreachCenter.com. "A lot of financial institutions have breach readiness plans in place," says Scanlon. "But some don't, so this is a place for them to get started. Financial institutions play many roles in the economy, so their [commercial] customers need to be 'breach ready' as well. It's a way for banks to gain insight that they can also provide to their customers."
Intersections is the vendor that provides ITAC with its consumer identity theft recovery service, ITAC Sentinel, so the two are by no means strangers to one another. According to ITAC's Wallace, the organizations later decided to collaborate on the identity theft prevention side as well. That is when BreachCenter.com was created. Intersections is taking the lead on the site, as it owns the url. However, both organizations bring a similar approach to the prevention issue and are contributing their own expertise, notes Scanlon.
And the site's launch could not have come at a better time. Wallace notes that although some kinds of fraud are down due to the financial crisis, such as credit card application fraud, the overall trend is the continued increase in boldness of the crimes. "ITAC works with law enforcement and we hear about the increasing prevalence and sophistication of organized crime engaged in fraud. They're stealing from companies and individuals. There has been no lay-off in activity here."
Scanlon says he is seeing a similar trend. "All indications are that identity theft increased in 2008 and will continue to increase in 2009. According to Javelin [Strategy & Research], there were around 10 million victims of identity theft last year. The number of breaches continues to climb and we're seeing the phenomenon of very large breaches, such Heartland Data Systems. Detection and prevention algorithms have been ratcheted up [at banks and other businesses] to combat this."