On November 30, Marriott disclosed their Starwood guest reservation system had been hacked, potentially exposing the personal data of approximately 500 million guests, making it the second biggest corporate data breach in history, behind Yahoo. To put that into context, the approximate population of the United States is 327 million. In short, this was a massive data breach. Most consumers feel helpless and ill-educated to know how to respond. The organizations they trust to protect their data are often ill-prepared to do so. As breaches become more common, what should organizations do to avoid making the next data breach headline?
To answer that question, let’s first look at identity proofing. When you create a new account, online or in-person at a bank, hotel, or retailer, you will be asked to provide pieces of information to prove you are who you say you are. This may be a combination of personal questions like your Social Security Number, date of birth, address, previous address, mother’s maiden name, and a host of security questions such as the name of your first-grade teacher, or the hospital where you were born, to name a few. You’ve likely done this several times, and it may be that you’ve used the same answers to the same questions each time. This method is a common strategy used by many organizations – one that is becoming less effective and could be contributing to making it even easier to steal your identity.
The challenge and why it matters
The more you use the same answers to security questions, and the more you provide your personal information, the more at risk you become. When hackers have access to your security answers, they learn more about you. The more they learn about you, the more they can pretend to be you. As more organizations experience ever larger data breaches, the more your personal information could get into the wrong hands. Congratulations. You are now a victim of one of the fastest growing crimes – identity theft.
When organizations use this type of knowledge-based assessment to gain proof of your identity, they are well-intended. They are trying to establish your credibility and make it easy to do business with them. Unfortunately, they may ask questions that aren’t necessary to do business with them, and they may not take all the steps required to ensure your data is secure. As this way of identity proofing deteriorates as a sound strategy, consumer trust is waning, and organizations must make a change and find new ways to do secure business.
Making that change
Many organizations are beginning to look for ways to make your data as secure as possible. However, they also wrestle with how to get you to prove who you are but do it in a way that doesn’t make it so complicated that you are turned off to doing business with them. We are starting to see and work with leading-edge organizations adopting new methods that won’t put up barriers to doing business and at the same time, keep their customer’s data firmly locked down from predatory hacking practices.
In the coming weeks, we will continue this blog series about the complexities of identity proofing. We will take a closer look at new strategies and leading companies that are committed to making timely and necessary changes to protect themselves and consumers from the growing threat of data breaches.
The Kuma difference
Kuma is making a difference and helping organizations strike a balance between establishing a secure identity verification process while making it easy to do business with them. We have solutions to help you achieve your privacy, security, and risk goals and ensure you have access to senior level resources and confidence through our forward-thinking approach. Learn more about Kuma at www.kuma.pro and what makes us different.
Learn more about our privacy, security, and identity services.
Request a consultation with a Kuma team member.