Is your organisation doing enough to prevent a breach in customer data?


Johannesburg, 25 Jan 2022

With POPIA in full effect, one would believe that organisations would be upping the ante when it comes to protecting customer data. Unfortunately, this is not the case for all South African industries. Stringent protection methods are still not in place and poorly adapted practices from decades ago are still at play. 

Data breaches waiting to happen

While business leaders are focusing on securing our financial data, compromised personal information can cause just as much damage as a breached bank account. Fraudsters have adapted exceedingly well in taking advantage of loopholes across different mobile apps, websites and other channels to gain access to poorly secured data. According to a Microsoft report, global consumers use an average of between three and five customer service channels when engaging with a brand. That could give fraudsters multiple opportunities for attack, which means companies must secure all their channels adequately.

Wessel Matthee, Information Security and Compliance Manager at Entersekt, explains: “In South Africa, we don’t just have to secure our information, companies must also ensure that they are monitoring their partners and conducting due diligence. Unfortunately, around 90% to 95% of companies don’t conduct this due diligence, leaving them vulnerable should a breach occur.” Matthee warns: “Even if it was a third party that was breached, the company whose personal information was compromised will still be held accountable. Simple username and password protection protocols are no longer enough when it comes to protecting data, even non-financial data.”

Time to step up

While some companies like financial services institutions have applied authentication protocols for some time, when it comes to other sectors, effective means of verification are often overlooked.

Matthee adds: “We have seen a 50% spike in inquiries from non-financial companies in the last year. The healthcare sector in particular is waking up to just how at risk they could be if they can’t show that they have taken all reasonable precautions to safeguard personal information. The need for excellent multi-factor authentication is even more important when companies begin participating in ecosystems and exchanging data with third parties.

“We have to understand that non-financial data is also valuable, and can be ‘weaponised’ by fraudsters. Many organisations rely on knowledge-based authentication like security questions for access to their systems. For example, if a customer calls their bank or insurance company, the company has to ensure that they are talking to the actual customer and not a fraudster impersonating them. To confirm this, the company usually asks security questions, like your address or date of birth. The same is often true for access to online systems. But much of that information is already out there – either on social media or via a breach, making it very easy for fraudsters to impersonate a legitimate customer,” Matthee says.

What customers want

South Africans love to share on social media. We share our information without thinking it may fall into the wrong hands or unwittingly share data on compromised sites. Due to this naïveté, the spike in data breaches in recent years has given many customers a reason to be mistrustful of how their information is stored and protected.

Research also found the same is true for customers’ financial transactions. In the past, customers mostly wanted a friction-free experience when transacting online. However, these days, customers mostly prefer to verify their transactions before the funds leave their account. This shows how guarded we have become when it comes to trusting brands to protect our data. Matthee says the growing pressure to secure non-financial data, not only because of POPIA but also due to the increasing expectations from the general public, has resulted in a significant spike in interest in authentication solutions.

Mitigating the risk

To mitigate the risk of falling victim to fraud, it is vital that we become much more careful about what we share on our social media platforms. However, we also need to hold companies to a higher standard, especially if they hold our personal information. Matthee explains: “If a fraudster breaches an insurance provider or MNO, they have access to a range of valuable data points. They have access to personal information, can steal payment information as well as security information. The fallout from this could be very costly.”

In order to ensure compliance with POPIA, companies that hold personal information will have to relook at their methods of authentication and securing customer data. Passwords and knowledge-based questions to authorise users will no longer cut it. Companies found wanting will have a hard time trying to convince a judge they had done enough, should they be breached. 

Entersekt

Entersekt is a leading provider of strong device identity and customer authentication software. Financial institutions and other large enterprises in countries across the globe rely on its multi-patented technology to communicate with their clients securely, protect them from fraud, and serve them convenient new experiences irrespective of the channel or device in use. They have repeatedly credited the Entersekt Secure Platform with helping to drive adoption, deepen engagement, and open opportunities for growth, all while meeting their compliance obligations with confidence. 

Editorial contacts

Lelanie de Roubaix
Entersekt
(+27) 21 815 2800
lelanie@entersekt.com