How Our Credit Cards Are Breached and What to Do about It

Financial companies are required by industry and regulatory standards to protect their customers’ debit and credit card accounts and data, FICO, a company best known for its eponymous consumer credit scores, reminds us in a new paper. There is more than short-term financial loss at stake, we are told. Companies that have fallen victim to data breaches “invariably suffer damage to their reputations and lose customers”. Yet data breaches are on the rise; in fact, their numbers are exploding.

The author’s primary objective is, of course, to promote FICO’s own enterprise fraud protection system, called Falcon Fraud Manager. Yet, some of the statistics cited in the paper are truly astonishing and give us a sense of the scale of the problem we face. Furthermore, FICO does give us valuable advice on how to deal with it. It also gives me the perfect opportunity to post FICO’s recent infographic on the evolution of its Falcon system. I wouldn’t have done it otherwise, because it’s mostly a PR exercise on the part of the company, but the graph provides a teachable moment. Technically, it is incredibly well done — among the best I’ve seen. Yet, there is something wrong with it in a very big way, which makes the graph an object lesson for how not to do infographics. Let’s take a look at both.

Data Breaches Are on the Rise

A record number of data breaches in the U.S. — 1,611 — occurred in 2012, according to a report from Javelin Strategy and Research, FICO tells us. That is an increase of 48 percent from the total recorded in 2011, resulting in billions of dollars in fraud losses. Citing data from Privacy Rights Clearinghouse, the paper also tells us that, “from 2012 through October 2, 2013, there have been at least 34,192,454 records exposed through 1,060 breaches”.

There is a wide variety of causes and types of data breaches, but the most prevalent by far is hacking into computer networks. In particular, the paper tells us, the hackers are getting better at breaching businesses from within. Most data breaches occur in cyberspace, which makes it easier for the criminals to cover their tracks and so arrests are rare. The figure below shows you the full list of breach types and their relative shares of the total.

Two of the most common data compromise methods — malicious software or “malware” and SQL injections, which are a form of code manipulation that enables unauthorized log-in and commands — are both on the rise, we learn. The paper cites cloud security researchers PandaLabs, according to whom 32 percent of all computers scanned worldwide contain some form of malware. The total of all malware samples in PandaLabs’ database stands at about 125 million, and the company estimates that at least 27 million new strains of malware were created in 2012 alone. “Trojan” viruses, which enter a computer network by masquerading as good software, continued to account for most new threats, comprising three out of every four new strains last year.

So how do you defend your system against such threats? The first line of defense, the authors suggest, is becoming familiar with the most prevalent compromise methods, as well as the technologies that can be used and procedures implemented to protect against them. These are all reviewed in the figure below.

The paper goes on to give specific advice to card issuers, acquirers, ATM operators, etc. on how to protect themselves against things like distributed denial of service (DDoS) attacks, so you can go read it if you are interested. But I’d like to move on to the graph I mentioned earlier.

A Beautiful Infographic Gone Terribly Wrong

FICO’s infographic in question tracks what the authors see as milestones in credit card fraud prevention from 1992 onwards. Of course, the timeline is slanted to highlight the evolution of the company’s proprietary Falcon Fraud Manager, but let’s leave that aside.

By the way, before I get to my main point, let’s just pause for a minute and consider some of the stats presented in the graph. I think that the one that stands out the most is the explosion of debit card use — from close to zero in 1992 to $2 trillion in 2012! Similarly stunning is the rise of e-commerce, which did not exist even as a concept in 1992, but this year is expected to hit $1.25 trillion in transaction volume. Then there is mobile commerce, which, as the authors note, was science fiction in 1992. In fact, it wasn’t until 2007, when the first iPhone appeared, that people started taking the concept seriously. However, by 2012, m-commerce revenue had reached $170 billion!

So FICO’s infographic gives us some astonishing stats and, as already noted, is beautifully done. So what’s wrong with it? Well, take a look for yourself.

What do you see? Well, I don’t see anything either. Has no one told FICO’s designers that the direction of such a big graph needs to run lengthwise, not horizontally? And didn’t they see a problem with the design, once they looked at the finished graph? Apparently not, and this is amazing. And if you click on the graph to get a larger view, it doesn’t get all that much better.

The Takeaway

So hacking is a huge problem and, if anything, it’s growing in scale and complexity. Card issuers, acquirers, payment processors, ATM operators, merchants and everyone else who manages our credit and debit card information should be continually monitoring and improving their data protection systems, if they are to stay a step ahead of the criminals. After all, it’s in their own best interest to do so, as they stand to lose as much as anyone from a data breach.

Image credit: FICO.

