News

Locking down data

October 11, 2005

It is a nightmare scenario for financial institutions: A database containing sensitive customer information is hacked into and the contents are compromised.

With more cases of security breaches making headlines in recent months, financial institutions (FIs) are putting data encryption at the top of their priority lists.

This story and all the great free content on ATMmarketplace is supported by: Futurex Request free info from this company!

"There have been quite a few high-profile cases recently and that has really seemed to get people's attention," said Jacob Jegher, an ATM analyst for Boston-based Celent Communications.

"That seems to be the latest focus," he said. "The issuers are saying that if you have data on file, you are going to have to protect it."

Jason Anderson, a product group manager at Bulverde, Texas-based encryption hardware developer and manufacturer Futurex, said the reaction to fraud and security is not surprising.

"The way the financial industry works in the U.S. is that changes are almost always risk driven," he said. "In this case, the risk falls on the issuer, so they are forcing policies onto FIs."

With the responsibility being shifted from issuers to banks, many FIs are now looking to do more than simply adhere to card issuers' mandates.

"We are getting more requests from FIs that are looking for something that goes above and beyond the basic security standards," Anderson said. "I think FIs understand the risk more than ever and are looking to protect themselves."

In recent years, initiatives such as Check 21 have meant that FIs are in possession of even more sensitive information that is stored electronically, either in a database or on tapes. That means there is a greater need for encryption to keep the information safe, Anderson said.

Jegher said that despite good intentions, adoption of technology is notoriously slow in the financial sector.

"Time and again, after each (security) incident, banks are saying they have everything under control and are moving forward quickly and efficiently," he said. "But unfortunately, steps are not being taken quickly enough. Banks have to have a fire lit under them a lot of times before they begin to take data encryption seriously.

"I am not trying to minimize the need to evaluate technology," Jegher added. "It is important that the technology used is the best available, but there also needs to be more of a sense of urgency."

Futurex's director of strategic alliances, Isaac Johnson, agreed that it sometimes take a high-profile case to spur FIs into action.

"The question now is getting FIs and drivers of ATMs to go out and agree to incur the costs before you actually can get anything done," he said. "A lot of times, they just won't do that until it makes the news."

Jegher remains optimistic that FIs will continue adopting technology to address data security concerns, and he can even foresee a day when a data breach is no longer a nightmare.

"What I would really like to see is the next time some (data) tapes fall off a truck, the FI issues a press release that says all of the data was encrypted and no information was compromised."