Equifax Breach, Two Years Later: Lessons for the Financial Services Industry

Fallout from the breach has been a security wake-up call for lawmakers and financial services providers.

Nearly two years after the Equifax breach, the fallout is far from over. As detailed in the 96-page Senate Committee on Investigations report, serious flaws in the financial systems’ consumer data security framework were exposed. Sen. Elizabeth Warren (D-Mass.), a vocal critic of Wall Street and its many entities, echoes the Reuters report, stating that Equifax “failed to implement an adequate security program to protect this sensitive data, and as a result, Equifax allowed one of the largest data breaches in U.S. history.”

With the call for “real and substantial consequences” for the gross negligence of Equifax, our long-term personal security, as well as the security of the financial services industry, is called into question. How do we protect against fraud in the future? And how do we make things safer?

According to security researchers at DBRS, the security of the financial sector lies in the adoption of technology; specifically, the financial services industry needs to move toward biometric security. Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are face, fingerprints, hand geometry, handwriting, iris, retina, vein and voice.

Although it is noted that no single federal agency has the authority to establish cybersecurity requirements, or to monitor whether companies adhere to the standards, there is a notable swing toward Federal Trade Commission regulation and oversight, specifically by Democratic Party members. It is likely that some type of authentication feature will eventually be introduced into the credit process so that lenders can ensure that the person applying for credit is legitimate.

The Senate Committee on Investigations concluded that Equifax failed to take basic steps to protect its security system from vulnerabilities, and that “Equifax’s shortcomings are long-standing and reflect a broader culture of complacency toward cybersecurity preparedness.”

Technology for security practices is readily available and currently being used by many companies, including several federal government agencies and mega corporations like Google and Apple. The timeline for implementation is short for companies motivated to incorporate these security features, which are therefore a plausible breach prevention solution.

The financial sector has been looking for ways to redefine the way customer identities are authenticated for a long time, and the adoption of biometrics in financial institutions around the globe is an increasing trend. More and more financial outfits are opting for biometrics to secure their customer authentication practices.

The attention that identity theft and data breaches are getting at state and federal levels is welcome news. It’s been a wake-up call, not only for consumers but also for lawmakers, and many are glad to see that we’re at least having the conversation about addressing data security and data breach issues.

Financial institutions around the world have been developing technologies that improve security, many of which take advantage of biometrics to protect their own and their clients’ assets. This trend is undeniable, and many financial service providers have already integrated mobile biometrics with their smartphone apps to authenticate customer identity. We can expect that lenders will likely integrate similar steps into their approval processes in the near future.

Callie Guenther

Callie Guenther is CyberSOC Data Scientist at Critical Start. She can be reached at callie.guenther@criticalstart.com.