Stephen Foley comments in The Independent on the recent CitiGroup breach and tries to prevent kneejerk reactions. He writes, in part:
[…]
There have been 288 publicly disclosed breaches of financial services companies’ computer systems, according to the Identity Theft Resource Centre, and 83 million customer records compromised. That would suggest that, even if you haven’t been a victim, you would be likely to know at least one person who has – yet complaints about discovering dodgy transactions are not a staple of pub conversation.
None of this is to minimise the importance of these breaches, just to say that clearing up after them, by telling customers to reset passwords or issuing new cards, might be the best way to deal with them. Laborious new signing-in procedures are an unnecessary hindrance; in the UK, Barclays’ requirement that you use a calculator-like device to generate a log-in code every time you go to its website has removed the whole point of internet banking, namely that you can access your account anywhere.
There are tighter rules needed. Citigroup, like Sony and others before it, ought to have revealed the existence of the security breach sooner than it did, so a code of conduct for communication with customers would be a good start.
But breaches are a fact of life in the modern era. The investment should come in technology to detect break-ins and to track down their anonymous perpetrators. As long as we get as many headlines about hacker arrests as we do about hacker attacks, we should be satisfied.
Do you agree?