Apparently, our local bank is upgrading its security system and needs our account numbers and Social Security numbers sent via “secure” e-mail so they don’t accidentally delete or otherwise modify our account. Just “click here” to confirm.
Also, it seems a backup tape containing our most vital personal information fell off the back of a truck in Connecticut recently, and it may have fallen into the wrong hands, but we’ll never know until something bad happens. If it does, call our secure hotline.
Oh, and the Crown Prince of Nigeria apparently has set aside $10 million in ill-begotten oil money from a long-forgotten partner of ours in Africa, and could we please wire him our checking account number so he can transfer the money post-haste before it is seized by the government?
All three scenarios outlined above are ridiculous – preposterous even. Two are scams we hope are easy enough to spot, even by the least savvy consumer. But scarily enough, one of them is pretty close to the truth.
Last summer, if you’ll recall, a backup tape containing Social Security numbers and account information belonging to potentially thousands of customers and investors in Connecticut’s People’s United Bank mysteriously failed to show up at a storage facility after being shipped there with nine other tapes.
A 90 percent success rate is generally pretty good, but when dealing in personal financial and identification data, nothing short of zero tolerance for failure is acceptable.
And lest one think the Connecticut case is or was an isolated incident, look back through the haze, all the way to 2007, and witness the massive data breach at Framingham retailer TJX Cos., or a “smaller” one last year at Hannaford grocery stores.
Clearly, in an age when hugely important individual and corporate financial data can both be obtained and used in ways unimaginable a short while ago, its protection ought to be a top priority.
Which is why we don’t understand the apparent foot-dragging over the implementation of strict (some might say “overdue”) federal “red flag” rules meant to curb data piracy.
Yes, we understand that in a bad economy finding the money necessary to beef up security is difficult. Small businesses across the country are trying to find ways to cut, scrimp and save. But we dont think protecting all of our valuable data at a cut rate is worth the risk.
We also realize that desperate times, sadly, do call for desperate measures. While actual statistics may fail to back us up (or may not), there really is no arguing the common sense notion that with their backs against the wall, some desperate and otherwise upstanding folks may turn to crime to make ends meet. Increasingly, that crime doesn’t have to involve anything distasteful like a violent bank robbery, but might be as innocuous as a few keystrokes or a shady Internet transaction.
Some businesses that deal almost exclusively in personal financial data – mortgage brokerages and lenders – are crying that a glut of new business thanks to historically low interest rates, coupled with a lack of resources because of the aforementioned tough times, has forced them to put implementation of stricter data protection rules “on the back burner.”
Please excuse our lack of sensitivity, but doesn’t it seem to make sense that the more business that gets done, the more risk there is for exactly the types of data intrusions the red flag rules are trying to prevent? Businesses may complain they can’t afford to add in new regulatory costs, but can we all afford to keep letting them slide? We don’t think so.
Enough putting off the inevitable. The feds need to start enforcing strict new regulations, and punishing those who cannot, will not or do not comply. A little tough love on their part could lead to a lot less heartburn for all of us.
