Fraud Professionals Want New Regulations on Data Breaches

SAN FRANCISCO, CA (Gawkwire.com) RSA® Conference (www.rsaconference.com) eFraud NetworkSM Forum, a one-day event facilitating cross-industry information sharing to enable better detection and prevention of fraud, today released the results of a recent survey of fraud professionals.

On the topic of data breaches, top-line findings include:

•67 percent of respondents feel they should be notified the same day if an organization falls victim to a data breach and their customers are compromised.
•57 percent felt that attacks had increased due to the global economic situation.
•50 percent would like revised legislation and 28 percent want more regulation.
•35 percent said their organization had experienced a data breach in the last 12 months, compared with 21 percent who didn’t know and 44 percent who said they had not had a single breach in the last 12 months. (see Chart 1)
“Data breaches are not a rarity anymore; they are part of business,” said Sandra Toms LaPedis, Area Vice President and General Manager of RSA Conference. “Furthermore, these findings show that current regulations to help organizations cope with data breaches and protect their customers are not enough. In fact, we found that spending to prevent fraud is actually up for half of the organizations surveyed.” (see Chart 2)

The survey also found that more cross-industry information sharing is needed.

•93 percent of people surveyed agreed information sharing does help prevent fraud and 78 percent of those surveyed would like to see more information sharing.
•81 percent of those polled work with local police – the most popular law enforcement agency in the survey. The FBI (60 percent) and Secret Service (48 percent) were the second and third most popular respectively.
•In addition to sharing information with law enforcement, 68 percent share information with competitors within their industry and 40 percent share information with organizations outside their industry. Nine percent of respondents said they “didn’t share information about attacks” outside their company.
•Those impacted by the Heartland Payment Systems breach had more frequent communication with law enforcement than those who had not been impacted.
Another trend uncovered by the survey showed that organizations are being attacked differently.

•Larger organizations with more than one million customer accounts are more likely to experience phishing attacks using their brand (90 percent), account takeover attacks (72 percent) and new account enrollment attacks (71 percent).
•Smaller organizations are primarily targeted with malware (73 percent), viruses (73 percent) and phishing attacks using their brand (68 percent).
Additionally, victims of the Heartland breach are experiencing higher percentages of malware, social engineering, Nigerian scams, new account enrollment, data breach leading to identity theft, skimming, SQL injections and attacks over the mobile phone.

The survey of 104 fraud professionals was conducted in March 2009. More than 60 percent of respondents represent the financial services industry and more than half are from organizations that manage more than one million customer accounts. The full report can be found at: https://365.rsaconference.com/community/efraudnetwork.