The Danger of Complacency: It’s Just What the Criminals Want

With the one-year anniversary of the Equifax data breach upon us, which affected over 147 million American adults, there is an ever-increasing need for Americans to be on guard for the effects of this breach and so many others like it (including Uber, Sonic and UnderArmor). Credit unions have a golden opportunity to show their existing and potential new members that they recognize the growing risks facing their members far outside the walls of the credit union itself.

A recent study conducted by a team of researchers at the University of Michigan’s School of Information showed consumers (your members) have exhibited an optimism bias that has led to a significant degree of complacency or total lack of action in response to the Equifax breach. Whether you call it “putting their heads in the sand,” “rolling the dice” or exhibiting the “it hasn’t happened to me yet” syndrome, people (members) need to know they’re taking enormous risks with this complacent approach. New account and account takeover fraud has increased more than 200% in the U.S. over the past three years, thus magnifying the risks for members as they face more serious ID theft nightmares.

In a recent interview with FBI Retired-Special Agent John Iannarelli, he explained, “The criminals who perpetrated the Equifax breach will sit on the majority of data for as much as a year or more before using it. They know the nature of consumers is to get more complacent over time, long after a major breach. They know there will be an initial rush to have protection immediately following the breach, then folks just get lax, assuming it’s all safe and lose their vigilance. And that’s when the thieves will strike.”

The University of Michigan report indicated some consumers simply delay taking security-related actions to protect themselves until after they know they are actually harmed. There is a general lack of awareness about the best ways to protect themselves. They don’t understand the extensive time and labor involved in managing the recovery efforts. Most often they are mistaken about various monitoring services that they believe will prevent ID theft from happening. This lack of awareness issue includes a misinterpretation of how preventative services, or so-called “resolution services,” actually work – or don’t work – as they are led to believe from their descriptions.

Another interesting trend has recently been revealed by a Scottsdale, Ariz., firm, Cornerstone Advisors, which indicated that millennial consumers (also members) are turning to credit unions or other financial institutions for non-financial services such as ID theft protection. And, as reported in last month’s CU Times article, “Millennials Open to Buying Non-Financial Services From CUs,” the majority of millennials are willing to consider buying bundled services at attractive prices. This new Cornerstone study reflects results that are complementary to an early 2017 study released by Assurant, Inc., which reported the majority of surveyed U.S. consumers were fearful of ID theft and cyberattacks. Over 60% of the consumers indicated they were “terrified” or “very concerned” about ID theft or cyberattacks, prompting 79% of the respondents to be “more likely” to buy protective services.

Another contributor to consumer complacency is a vast array of “technology-wielding” companies urging consumers to trust in the next “magic pill” solution that will make all of the ID theft threats evaporate (for example, remember how EMV chip cards were supposed to be the final answer?). Recently, the hope of technology producing a fix for all identity theft has rested upon blockchain companies. However, subject matter experts such as Mark Pribish, vice president and ID theft practice leader at Merchants Information Solutions, have insights into the reality of data breach events and their ID theft fallout, which reveal that the direct cause of many breaches and ID theft events are from human fallibility versus technology attacks (i.e. hacking and malware). Therefore, blockchain solutions, which focus predominantly on technology-controlled data, will continue to face serious limitations as a means to end all ID theft.

Credit unions have an excellent opportunity to take a leadership role by bringing members a real solution to preparedness against data breach and ID theft events. Pribish offered this great advice: “I recommend that companies and individual consumers focus on response and recovery – because it’s not a question of if, but when a company experiences a data breach even if your organization has implemented blockchain technology.”

Credit unions can make an enormous impact on their members with strong awareness programs and provide them bundled ID theft services with rich value propositions. Why should members be forced to find third-party solutions online (via Amazon, Apple, etc.) or services from companies they do not trust at rates much higher than they’d expect from their trusted credit union?

So celebrate the one-year anniversary of the Equifax breach with definitive action to serve your members before the next anniversary … and end your members’ confusion, complacency and increasing vulnerability that criminals are using to their advantage.

James McCabe is SVP, ID Theft Solutions for Vero. He can be reached at 480-699-2168 or jmccabe@veroproducts.com.