Cookies for Banking

CookiesWe need to talk about the cookie.

It’s such a sweet word—warm, comforting, bringing back memories of home. But in this time and this business, it also means something very different. In fact, it symbolizes the constant debate between openness and privacy, an uncomfortable discussion we need to have.

The end of January always brings us Data Privacy Day, as designated by the National Cyber Security Alliance (NCSA). The occasion is typically marked by a smattering of articles on the sensitive topic, particularly if it closely follows a high-profile data breach. This year proved no exception, and again, sensible advice that’s easy to follow is a good thing. The message of caution may be repetitive, but it’s still relevant, and it gets more so with each passing year.

That’s because, with each passing year, we get more of everything—data, devices, channels, applications, scams. The more we talk about privacy, it seems, the less we have of it.

For example, the NCSA asks consumers to celebrate Data Privacy Day hosting events and, of course, by “sharing resources and advice on social media.” It’s a weird irony that some of the tools we use to disseminate that advice will inevitably cost us a little bit of our privacy (any idea how many metatags are associated with each Tweet?).

That brings us back to the cookie, the subject of an interesting new research initiative from an organization with deep roots in the subject, the Interactive Advertising Bureau. “Privacy and Tracking in a Post-Cookie World” offers perspectives not only on the state of affairs as they relate to privacy, but alternative models for data transparency and privacy controls for all constituencies.

The White Paper traces the cookie’s relatively harmless origins, and describes how it has outlived its usefulness in a multi-platform user universe. Rather than identify a single, all-purpose solution—which may be how this option went awry in the first place—the IAB proposes a series of solution classes that can be adapted to develop specific technologies to meet particular industry and customer needs.

Of course, the IAB has a vested interest in learning more about consumers. So do those of us in finance. But that may be where our interests and concerns diverge.

Let’s be clear: Every time a retailer suffers a data breach, or a consumer inadvertently gives away personal financial details, or even a credit card falls into the wrong hands, it comes back to us. Even if it’s not our fault, it’s our problem. The government, other industries and the public will ask what we’re doing wrong. We function at the intersection of money, technology and data, and that means there’s a huge bull’s eye on our industry.

No one reasonably expects us to have all the answers, any more than the IAB does, but that’s no reason why we shouldn’t be asking the questions. The welter of regulations and compliance mandates governing the industry should be seen as a starting point, not a boundary. We want technologies that help us serve our customers better, but that still means walking a sometimes-fine line between extracting relevant information and respecting consumer privacy.

The perfect punctuation mark to Data Privacy Day this year came with the guilty plea from Aleksandr Andreevich Panin, who allegedly created the bank-hacking malware SpyEye, which apparently infected 1.4 million computers. He’ll be spending some quiet time for conspiracy to commit wire and bank fraud. Of course, we can rest assured that for every felon behind bars, there’s a bunch out there doing what they do.

Still, out-and-out criminality like this is one issue; data privacy is another. In this environment, we can be blamed for having information customers give us willingly, even if it helps us serve them better.

It would be good to have a range of alternatives to the cookie that meet our customers’ and our industry’s specific needs. Now that’s a comforting thought.

Image courtesy of Grant Cochrane/ FreeDigitalPhotos.net

Identity Thieves: How They Do it and How to Stop Them

*This blog was originally posted on The Intuit Network

We look both ways before crossing the street. We lock our doors at night. We bundle up in the cold. But when it comes to our personal information, are we doing all we can to keep it safe and secure?

Data Privacy Day, a day that promotes privacy awareness and education, is being celebrated Saturday, January 28. In support of Data Privacy Day here are five tips from Intuit to help you protect data.

 

If it’s too good to be true, it probably is – Beware of phishing scams. They come in two forms – via social networking sites and email. The messages often look authentic and appear to come from a friend or connection, legitimate company or government agency. To entice you via email, they often claim an urgent or threatening condition concerning your account, or offer you a prize or reward as a way to obtain your personal information. Some clues to watch for: these often contain misspellings, or the grammar isn’t quite correct. On social networking sites, the post or invitation may look incomplete and often invites you to “check out this cool video.”

The goal is the same – to steal your information. If in doubt, do not reply or click on links without verifying the request is legitimate through another channel, such as a company’s official website, Twitter handle or the social network support site. Websites like www.snopes.com can help demystify some of the urban legends or too-good-to-be-true offers.

 

Don’t lose it if you lose your mobile device – If you lose your mobile device, report it immediately to your carrier or your employer, if it’s owned by your company. Go online and change passwords for financial and personal accounts to prevent any identity theft or fraud.

 

Be passionate about passwords – Use syllables or acronyms. Avoid using complete words that appear in any dictionary regardless of the language. One option is to start with the first letters of a familiar phrase. For example, “Mary had a little lamb” becomes Mhall, which could be part of a secure password. Check out the list of the worst passwords of 2011 from SplashData.

 

Get what is yours for free – Identity theft occurs every day, and is particularly high during tax season when volumes of personal information, such as W2s, are being circulated. The Fair Credit Reporting Act requires each of the nationwide consumer reporting companies – Equifax, Experian, and TransUnion – to provide you with a free copy of your credit report, at your request, once every 12 months. Monitor your credit report to help spot identity theft and keep your personal information accurate and current. Visit www.annualcreditreport.com for more information.

 

Location, location, location – You’re working on a report and need some fresh air and inspiration. So you decide to work at a coffee shop for the afternoon. Are you protecting your company’s data out of the office? Is your screen visible as you step away for your second latte? Mobile devices need to be secured at all times. Set passwords on the device and on any mobile applications that offer that capability. You can also attach a privacy screen to your laptop or mobile device to discourage wandering eyes. Remember, the person next to you might be might be out for more than just a cup of coffee.

As technology changes, so do the opportunities to make your data work for you in new and exciting ways. And these advances in technology are often accompanied by increased data threats. Intuit’s chief privacy officer, Barb Lawler, an advocate for customer privacy says, “The best defense is staying current on ways to protect yourself and remaining in control of your data.  Know what data you have, what data you choose to make public, and take steps to protect it.”