Businesses must stay one step ahead of the cyber thieves

Florida loves being No. 1, but definitely not in this category: The state leads the nation in complaints for identity theft in the country.

“Identity theft is the most pervasive scheme going on in South Florida,” said Wifredo Ferrer, U.S. attorney for the Southern District of Florida. He introduced the topic for a panel of experts on identity theft, which I moderated at the Wolfson Campus of Miami Dade College.

Ferrer’s observations are supported by a study released by the National Consumers League (NCL) and Javelin Strategy Research, which shows that Miami is Ground Zero for cyber security theft that includes tax-return fraud.

The study shows that the impact of this type of identity theft on consumers is enormous: 61 percent of those surveyed who had their data breached were victims of fraud. To make matters worse, nearly half — 49 percent — did not know how or where their data was compromised. In Miami, 31 percent of fraud victims said their data was used to make purchases online, and 39 percent said purchases were made in person.

John Breyault, NCL’s vice president of public policy, telecommunications and fraud, pointed out that cyber-theft has a damaging ripple effect that affects consumer confidence at all levels.

For businesses, the damage of losing consumer trust can lead to a tumbling loss in sales, as in the case of the major retailer Target, where millions of its customers’ credit cards and personal history were hacked.

Although reported fraud at this time is relatively low, it does not mean the danger is slight. Thieves may take years to sell the emails, phone numbers, Social Security numbers, credit cards and PIN numbers on the black market, but more often than not, it gets there.

The mind-boggling piece is that there is a struggle between corporations, small companies and state legislatures as to how to address the problem. No one is suggesting the solution is easy, even if all parties agree. But the level of disagreement is surprising. California is leading the way in addressing the problem, but not without resistance.

California law requires companies to inform customers if their Social Security number, driver’s license, credit or debit card numbers has been stolen. That state also imposes the strongest penalties and provides assistance to victims of cyber crime.

While disclosing the breach to victims seems like the logical thing to do from a consumer perspective, many companies are hesitant for fear of liability and scandal. A victim, however, has a right to know if an unauthorized person has access to personal information. Hiding a problem, as most companies are inclined to do, only exacerbates it. As J.P. Morgan’s CEO Jamie Dimon has said, “Problems don’t age well.”

The challenge lies in making rules and regulations cost-effective for companies big and small. Just by looking at how increased bank regulations have overburdened and crippled community banks, we know that in many cases the remedy could be as fearsome as the problem. The cost of consumer fraud and its prevention is exorbitant and ultimately passed on to consumers.

Just as important is the impact on small businesses. How can mom-and-pop businesses, which generate more employment opportunities and sustain the economy in South Florida, better insulate themselves from a crime that seems unstoppable?

Personal information needs to be better protected, and early detection of a problem is the best way to minimize the damage, but it’s not the whole solution.

Is cyber security an oxymoron? Most of the time the answer is Yes. Hackers are anonymous and can be elusive; they don’t need sophisticated equipment to commit the crime; many databases are not as well-protected as companies think they are; and hackers are always coming up with the next best way to get around the latest anti-theft technology. Some hackers are foreign governments.

All of this means that companies will have to do the same thing over and over again: catch up to the latest technology in cyber security. For companies of all sizes, the money spent on security is part of the cost of doing business. Consumers are painfully catching up to the realities of cyber security; companies and governments must do the same.