A recent survey says 60% of Americans place the responsibility of preventing data breaches, which may lead to identity theft, on the merchants such as Target and Neiman Marcus. The survey found that 43% of consumers feel that getting their credit or debit card stolen is about as aggravating as other unpleasant happenings such as getting the flu, being stuck in rush hour traffic, or going to the department of motor vehicles.
Those consumers that blame merchants may lack a fundamental understanding about how many merchants, especially the national chains, go about protecting information and the many laws and regulations they strive to comply with to protect consumer information.
Others, including those that initiated class action law suits, have criticized the lack of immediate breach notification.They seemingly lack the awareness that state breach notification laws allow delays when law enforcement organizations (FBI, Secret Service, local authorities) request that notification is not made during a criminal investigation.
Now, imagine this scenario. You are shopping at a retail store that has appropriate physical security including alarms, surveillance cameras, armed patrols and plainclothesmen watching over their customers in and outside the store. An armored van crashes through the entrance and several terrorists jump out of vehicle machine gunning the guards. The terrorists demand all patrons to lie face down and to turn over their wallets and purses. The store manager tries to intervene, and is gunned down. The terrorists escape with your valuables and are never caught. For years you are plagued with various types of identity theft.
Who is immediately responsible? Should the merchant have anticipated the surprise attack? How about you, a patron that was carrying 15 credit and debit cards, a checkbook, passport and Social Security Card. Should you have been carrying all those items that the thieves will now use for years to come to compromise your financial and character identity?
Some of the recent cyber security attacks, such as Target, are analogous to the physical attack we just asked you to imagine. The terrorists came crashing through the retailers Internet firewall, intrusion detection system, and other security. Is it reasonable to assume they could they have anticipated and prevented the attack? With respect to your loss, what was your role in having excessive an unnecessary personal identification on your person?
We’re living in an era where crime is changing, and cybercriminals are creatively outsmarting the smartest and most conscientious of security practitioners. We’re living in an era where we have to share the responsibility for our own security.
A few years ago Wisconsin and Illinois were the only two states that vehemently opposed concealed carry, and today both have laws permitting citizens to carry concealed weapons. Most of us already protect our computers and mobile devices against a variety of attacks with security software. Many Americans have some type of identity protection, although most of it is not sufficient to be of any value in detecting, preventing, and restoring a real attack.
Stay Connected to Stay Informed
Subscribe to my Identity Theft Examiner national column
Add me as a friend on my Facebook Page—I accept all friends
Connect with me on LinkedIn and endorse me for Legal Services and IdentityTheft Protection
Receive updates from me via Twitter