Breach Clarity debuts tech to help banks thwart data thieves
Even when banks aren’t the target of data breaches, they bear a huge brunt of the costs.
That’s because when identity thieves piece together personal details they lift from companies with less-stringent security measures — including names, addresses and Social Security numbers — they may use their findings to impersonate bank customers and penetrate their accounts or open a new account in the victim’s name.
If a financial account is a set of locks, then each identity credential a fraudster picks up from a data breach is a key that can potentially open it, said Jim Van Dyke, founder and former CEO of Javelin Strategy & Research and co-founder with Al Pascual of Breach Clarity, a startup that’s developed breach monitoring technology to help consumers and now banks to try to prevent fraud in the wake of data breaches.
“The banks generally aren’t getting breached,” Van Dyke said. “But it’s ultimately hurting their bottom line.”
Out of the 11 types of fraud he’s identified, the four biggest occur at financial institutions: new financial credit accounts, new financial deposit accounts, existing credit or debit card accounts and account takeovers.
Individual victims are hurting as well. In 2018, 23% of fraud victims were saddled with unreimbursed personal expenses, according to Javelin’s 2019 Identity Fraud Study.
That’s a problem that Van Dyke is trying to solve for both parties.
His tool for consumers, Breach Clarity, analyzes more than 1,000 data points relating to a breach and boils down the results into a numerical score, typically between 1 and 10, that indicate how severe the risk is for consumers.
Currently, Breach Clarity counts more than 4,000 incidents in its database, and adds an average of 50 breaches each week. The database is maintained and updated continuously by the Identity Theft Resource Center.
Beyond a numerical score, the tool will also zero in on a consumer’s top risk factors, depending on the breach, and recommend steps people can take to mitigate those specific concerns, whether that means freezing their credit, monitoring account activity or filing their tax returns as soon as possible.
Breach Clarity is in talks with about 30 banks to implement the new, bank-oriented version of the technology, which is called Breach Clarity Premium, on their websites and mobile apps.
“We’re trying to protect consumers in a way that makes banks’ profits go higher,” Van Dyke said.
When a bank licenses Breach Clarity Premium and integrates the tool into its website or app, customers use it to see where their information has been exposed in a data breach. They can click on a company name and view the same score that Breach Clarity users can see on the public-facing site, but they can also see up to 11 increased risk factors, rather than the two that public users will see.
Premium users will also get a longer list of steps they can take to protect themselves, rather than the three available on the public site.
Van Dyke says his tool emphasizes steps a consumer can take for free, rather than paying for costly monitoring programs.
The Premium version also builds in conveniences for bank customers. If a particular breach calls for customers to change their bank passwords, they can click on a link to do so directly from that page. Or if the tool instructs bank customers to monitor account activity, they can head straight to the bank web page that lets them turn on alerts, lock a debit card and more.
Once a critical mass of banks have gone live with Breach Clarity Premium, the company will implement a “financial institution finder.” If a user’s bank is not a client of Breach Clarity, they enter the name of their bank and ZIP code and see a list of other with branches in the same ZIP code that do offer Breach Clarity Premium.