Take On Payments, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Take on Payments and look forward to collaborating with you.
Federal Reserve Web Sites
Other Bank Regulatory Sites
April 28, 2014
Is Personal Data Privacy Going, Going, Gone?
Since last December, it seems that not a week has gone by without a headline about another breach of consumers' payment or personal data. These articles—which are no longer limited to banking or IT industry publications—have created both weariness and concern among consumers. The market research firm GfK conducted a national survey of U.S. consumers in March 2014 to measure the impact of these breaches and better understand how consumers view and manage their personal data. They surveyed 1,000 individuals over the age of 18 and sorted the results by generation. Some of the findings I found most interesting were:
- All generations are concerned about the protection of their personal data and, overall, 59 percent indicated that their concern has risen over the last 12 months.
- One-third of the survey participants indicated that they had been the victim of the misuse of their personal data at least once over the past year.
- Over half (54 percent) of those surveyed don't believe the U.S. government is doing enough to protect their data, with two-thirds of the pre-boomers taking that position.
- Overall, 80 percent of the respondents believe there should be additional regulations preventing organizations from reselling their personal data to third parties.
- There is a strong demand from consumers for all consumer-facing industries to change their data privacy and personal data usage policies, but that demand is the highest for credit card companies and social networks.
- Banks are in the top four trusted organizations regarding the protection of personal data but trailing health care organizations, online payment systems, and online retailers. Social networks, international businesses, and marketers and advertisers are the least trusted.
- Although more than half of the participants do not agree with the tracking or recording of communication data without their permission, younger generations are not as concerned.
So how are consumers behaving in light of this increased concern? Almost half (48 percent) indicated that they have changed their online practices and are avoiding the use of online auctions, online banking, and online social networks to reduce the likelihood that their personal data might be compromised or misused in some way. I have seen other research indicating that as much as 40 percent of a retailer's customers that have had their personal data compromised through a breach at that retailer will avoid that retailer, at least in the immediate term.
So what is the best approach to develop and maintain safeguards for consumer's personal information and transaction data? The private sector has always championed self-regulation through standards efforts such as PCI-DSS, but we all recognize that being compliant with a common minimum standard is not the same as being totally secure. There has been no shortage of recent congressional discussion on this issue, and future major breaches will likely add to the momentum such that it will be difficult to stop. Is that where you think we are headed—a regulatory fix coming from a legislative mandate? Let us hear from you.
By David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed
TrackBack URL for this entry:
Listed below are links to blogs that reference Is Personal Data Privacy Going, Going, Gone?:
- EMV Comments That Make Me Cringe
- Taking a Quantum Leap into Payment Security
- Looming Questions with the Rollout of NACHA's Mandated Same-Day ACH Rules Change
- AdmiNISTering Passwords: New Conventional Wisdom
- Mobile Banking and Payments—What's Changed?
- Risk Mitigation Isn't Just for Banks
- The Simple Consider Three but Four is the Key
- As with Nuclear Disarmament, So with ACH: Trust, but Verify
- The Personal Cost of Fraud
- When Fraud Hits Home: Questioning Today’s Authentication Methods
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- account takeovers
- ATM fraud
- bank supervision
- banks and banking
- card networks
- check fraud
- consumer fraud
- consumer protection
- cross-border wires
- data security
- debit cards
- emerging payments
- financial services
- identity theft
- law enforcement
- mobile banking
- mobile money transfer
- mobile network operator (MNO)
- mobile payments
- money laundering
- money services business (MSB)
- online banking fraud
- payments risk
- payments study
- payments systems
- phone fraud
- remotely created checks
- risk management
- Section 1073
- social networks
- third-party service provider
- trusted service manager
- Unfair and Deceptive Acts and Practices (UDAP)
- wire transfer fraud
- workplace fraud