Collection firms should follow the same best practices as financial institutions in attempting to protect their data, John Fricke, chief of staff and vice president of the Financial Services Technology Consortium, said yesterday at the Foreword Financial Expo in Chicago.
“Collection firms should play by the same rules as the large institutions that handle the [collection] process themselves. It will reduce their costs and improve their bottom line,” Fricke explained.
Fricke added that internal threats, long cited by security experts as more dangerous than external threats, are a growing concern. Therefore firms should be particularly diligent in the hiring process, conducting thorough background checks on applicants.
Additionally, firms should ensure they sufficiently monitor data to ensure that anyone who accesses it has the right to do so. Biometric identification using fingerprints, voice authentication and other methods is an increasingly popular technique for authentication, Fricke said.
However, Fricke cautioned, there isn’t any technology that will alert a firm to someone’s intent for using the data. Someone who has the right to access the information may still use it inappropriately.
“You have to watch employee behavior,” Fricke said. “You have to watch if someone has changes in his life [that would prompt a change in use of data].”
A related threat comes from “man in the middle” attacks, in which a hacker is able to read, insert and modify at will, messages between two parties. These attacks, along with phishing attacks against a financial institution’s customers, are continuing to grow. Phishing attacks typically ask customers to respond to an e-mail that will lead them to a fake site that looks like their financial institution’s site. The phisher uses any information the customer enters to commit fraud.
Fricke added that financial institutions are currently working with health care firms to develop better defenses against phishing, man-in-the-middle attacks, and other types of fraud.
The New York-based Financial Services Technology Consortium is made up of more than 100 financial service and technology firms, academic institutions, and government agencies.