Data Breach Involving Financial Data

Financial institutions have always been highly susceptible to data breaches, and indicators suggest the first half of 2010 has been no different. Financial institutions have already reported 39 breaches, and since reported breaches are only the tip of the iceberg relative to total breaches, the actual number is expected to be significantly higher.

Interestingly, the proportion of data breaches reported by financial institutions is lower in comparison to the total breaches reported by the business, healthcare and government sectors. Financial records such as credit card numbers still form a key component of the data affected by breaches.

Thanks to key legislation involving the payment card industry, data breaches occurring at the institutional end through compromise of servers or IT infrastructure have been reduced. Automated agent attacks such as botnets, data-stealing malware and other advanced threats are still active against financial institutions (FIs), but increased compliance with standards has given FIs better protection from the threat of such breaches.

However, attacks on financial data and the related breaches are happening outside financial institutions, at the business and retail end. The latest trends indicate that credit card breaches are happening more at merchant sites such as restaurants, hotels and the retail sector.

Social engineering is also proving to be a key issue that needs to be addressed at the customer end. There is a growing need to cover all the stakeholders in any financial transaction, such as merchants and customers, in addition to financial institutions.

Frequent mailers and improved authentication mechanisms provide some level of protection at the customer end. At the merchant end, however, the issue remains largely unresolved in the absence of any standard or legislation providing for protection (even PCI standards are applicable only for merchants who process more than a certain volume of transactions). These gaps need to be addressed for improved protection of financial data.