This is NOT Fraud Advice--Data Vaulting

Happy November everyone! Hope you all dressed up as fraudsters or penguins for Halloween.

Today, we are going to talk about a topic we have touched on before: data vaulting. As we have shown, most third party fraud starts with fraudsters stealing an identity. There are a couple of ways to do this, but often fraudsters just purchase these identities on the dark web.

The identities are for sale because every week there is another major data breach, which exposes the personal identity information of customers. This week, Change Healthcare was breached, affecting 100 million Americans. In personally exciting news, I got a letter in the mail notifying me I was impacted by the breach. Luckily my data was already frozen from the Evolve breach. A nice little two-for-one breach in a span of four months for your boy here.

Footprint exists to eliminate fraud on the internet. This of course means we need to be able to identity fraud and stop it at the time of onboarding. But it also means we need to take steps to prevent it in the future, and these steps include data vaulting.

Based on what our team has seen, the most common ways that companies protect your information are:

1. They don’t encrypt anything
2. They only use basic encryption at rest
3. They use a 3rd party tokenization/vaulting service

All of these options have their trade offs and the details are too complicated to cover adequately in this newsletter. However, if you are in charge of collecting sensitive data on your customers, we put together this guide to help you understand the common mistakes and best practices in securely storing this information.