The financial services industry certainly is aware of threats to customer data privacy. Firms are well informed about previous data breaches at nonprofit and for-profit entities alike. These events are grabbing headlines globally and are foremost on the minds of existing and potential clients, so financial institutions must be attentive to consumers' concerns, mustn't they? Yet, time and again, reports surface of hackers, dishonest insiders, careless data handling and lost laptops leading to the exposure of customer information.
Recently, E-Trade Financial Corp. (New York) and TD Ameritrade Holding Corp. (Bellevue, Neb.), two fixtures of the online brokerage industry, reported in October losses of $18 million and $4 million respectively as the result of customer account breaches. Overseas hackers used keylogging software installed in public computing facilities to capture users' account information and passwords, and then used those accounts to execute a pump-and-dump market-manipulation scheme, according to TD Ameritrade. E-Trade declined to comment on the breach for this story.
While the number of individual customers affected in this particular scheme appears to be minimal, the financial ramifications are self-evident and rising -- despite improving technology and awareness. Further, the troubles of the discount brokerage community are just a few in a spate of data breaches suffered by industry heavyweights, including Bank of America, JPMorgan Chase, Ameriprise Financial, Fidelity Investments, ING U.S. Financial Services and even industry regulator NASD.
According to an annual data breach study from Elk-Rapids, Mich.-based think tank the Ponemon Institute, which studied 31 organizations that suffered data breaches, the average total cost of lost customer records is $182 per record, a 30 percent increase from 2005. The study calculated costs in terms of direct incremental costs, indirect productivity costs and customer opportunity costs. The latter is perhaps the most damaging.
Dr. Larry Ponemon, chairman of the Ponemon Institute, points out that the online channel in financial services often generates some of the highest margins for an institution because it can be highly automated. When an event occurs that shakes customers' confidence in a firm's online presence, he asserts, it can severely, and in some cases irreversibly, damage the client relationship. "If you can't prove that you're managing the data security and privacy of that relationship, it can become very costly for the company," Ponemon says.
In the event of a data breach, he continues, customer reaction is predictable and quite simple. "The first thing that normally occurs is that if you were an online user, you would use [the Web] less," Ponemon explains. One very important trend, he notes, is that for financial services consumers, the churn rate -- the number of customers changing behavior or taking their business from the institution in the event of a publicized breach -- tends to exceed that of other industries.
Preserving Customer Confidence
Customer confidence is a fragile commodity that requires great care. "All organizations will need to step up to the level at which clients are going to expect us to be," says Steve Van Wyck, CIO of ING U.S. Financial Services (Atlanta, Ga.). "Those that don't will quickly fall out of the trust of the client and begin to lose business."
Security budgets are up across financial services as businesses attempt to thwart more-sophisticated cybercrimes.