The war I’m talking about doesn’t use those cute, bloodless drones that wreak havoc on foreign soil…or deliver Amazon baby wipes. This war is invisible and far more subversive. And you’re the target.
Last week, Target confirmed unauthorized access to as many as 40 million debit and credit card accounts. That’s a huge lump to swallow. But Target is not alone. You’ve seen this headline over and over again. And those are just the breaches too big to sweep under the rug. Like a pretty girl sitting at the bar, it’s just a matter of time before your data gets approached by a lustful stranger.
Every day foreign hackers, sloppy security practices, or nefarious employees jeopardize your data. From credit card numbers to brokerage accounts to good old fashioned checking balances. They’re all at risk. Companies have invested billions in stopping it, but no one stuffs the big fat data genie back in the bottle. Ask the NSA. What happens next will have a profound impact on consumers, businesses and careers. Keep reading.
Why is this happening?
All money is digital – Most don’t think about it this way, but money has been digital since direct deposit. When was the last time your boss unrolled a wad of cash to pay you? When have you been handed a check to deposit? When have you looked at a physical stock certificate? You log in online to check balances, pay bills, and make transfers. Even if you don’t, your bank and employer do. Your entire net worth and life savings are nothing but numbers (or credits) on someone else’s computer. The Fed can create more numbers from thin air. You have to earn them to see the balances go up.
All money is networked – Every bank and merchant is connected to internal and external networks to facilitate transactions and provide customer service. Those networks also create potential holes for intruders. It’s just the way it is. Sure, it’s harder to break into a house that has no doors or windows, but why would you live in it? Same goes for money. Companies need doors and windows to do business. But they must do their best to make sure Russian hackers can’t break in. (I’ll cover in a future article why it always seems to be Russians…) It’s a risk that can be managed, but NEVER completely eradicated like cockroaches. It means having diligent inhabitants (employees) and good locks. It’s in their best interest to do so – their reputations and future earnings are on the line.
Explosive economics – As e-commerce took off, we gave our data to countless online and offline merchants. We signed up for direct financial accounts with banks or brokers and indirect ones like Paypal, iTunes or Mint.com. Every one of those companies stores your data to make commerce more convenient. They also do business with more and more specialists that require access to that data to do their jobs. Specialists range from marketing services to call centers to payment processors. No single merchant can ever handle all of them on their own. This increased frequency of exchange and storage increases the likelihood of breaches – simply because of math. There are more rooms in the house, more windows to protect, and more residents who might someday lose their keys.
Authentication is a joke – Passwords are a joke when it comes to authentication. There are too many of them and the experience of adding 2-step authentication (texting you temporary codes) is terrible. This has led to lots of passwords on Post-it notes and “social engineering” to get people to reveal enough details to raid their account or create a false identity. The good news is this will change soon.
What’s next? Chaos and Opportunity
I don’t need to explain why bad people might want your money or credit card details. As with the drug trade, as long as potential rewards are high, there will be a market. That means a massive shift of resources towards data protection. Like what happened in the real estate and finance bubble, our best and brightest will be siphoned into the data defense business, instead of building better end-products.
There will be more breaches, most of which you’ll never hear about. And a constant cat and mouse game among companies, criminals, and consumers. No one will be immune. Not if you buy food, have a job, or live anywhere but a log cabin near Ted Kaczynski.
Hackers will always be one step ahead, as in all security scenarios. They are the rogue “innovators”. (It’s not unlike how porn drives innovation in e-commerce.) The good news is it will open the door for smart, nimble entrepreneurs to compete with massive behemoths that take years to modify their legacy systems. When I was at Citi in 2006, the company was still integrating acquisitions from the late 90’s!
Some of the big innovations I foresee include:
- New digital currencies. (Though as I wrote in Forbes, it won’t be Bitcoin.)
- A recalibration of national defense (and offense). Like we transitioned from tanks to drones and NSA data tapping, most future defense contractors will look more like Facebook (or “FacelessBook”) than Halliburton. It should be cheaper for taxpayers to fund and for entrepreneurs to build. Of course, we know that we won’t just be playing defense…
- Most importantly, we will see a revolution in authentication – how companies identify you to authorize transactions. This means the death of credit cards, passwords, and 2-step authentication. (I’m writing a more detailed article on this based on work I did for a major payments company. Follow me on LinkedIn and sign up to my newsletter to get notified when it’s out.)
- Data security will become a parameter on which many companies compete, like reception and network quality are for mobile providers.
- Tech Veganism. There will be a movement of people choosing to opt out of the system and in the process, call attention to which companies go the extra mile to protect your data. It will usher in transparency and accountability similar to how GMO (genetically modified food) is suddenly on our radar.
- Rogue do-gooders. Whether it’s Anonymous or others, there will be groups that hack their way for digital justice (or at least, their definition of it).
What should consumers do?
Consumers aren’t completely helpless in all this. As we transition to better technologies, I suggest a healthy (but not conspiratorial) level of paranoia. Here are some things you should do to improve your chances.
- Diligence. Review your bills. Make sure there aren’t any weird charges.
- Check your (free) credit report once a year.
- Close accounts you don’t need or use. The fewer entities that can access your information, the better.
- If you have a credit card, I recommend never using your debit card for any purchases. ATM only. You don’t want something connected directly to your bank account sitting on a bunch of insecure databases. Call your bank and request a new debit card number. Trust me, it’s a lot easier to dispute a bad credit card charge than a deduction from your bank account.
- Don’t use social logins for accounts that involve financial information, ever.
- Create three levels of passwords – with increasing complexity:
  - Level 1: Simpler – for accounts that don’t exchange any financial information.
  - Level 2: Intermediate – for accounts where you have a purchasing relationship like online stores.
  - Level 3: Complex – for banking and finance transactions. Use different variations for each financial institution.
- Change Level 3 passwords regularly. Once every 6 months is fine.
- Consider using a synced password program that works on your phone and PC. I like SafeWallet, but there are other good ones like LastPass. Personally, I only use the program locally and never in the cloud – even though it’s encrypted.
- Use 2-step authentication for other accounts.
- If you’re lucky enough to have this problem, make sure you’re not keeping more money in an account than FDIC insurance can cover.
Teach your kids how to code. They should know how the sausage is made, even if it’s too late for you. There will be jobs in cyber security. The army already has a “terrifying shortage of U.S. Cyberwarriors.” Of course, if you’re an evil mastermind, ignore this message and stay analog!