I have just returned from spending time with my colleagues in the US to breaking news this morning of another huge breach of data at a credit card processing company. This comes within a few months of the record-breaking Heartland breach and the fast and furious RBS Worldpay loss of $9m within an hour.
Credit card security worries me on two levels and was brought straight to the front of my mind several times last week in restaurants, gas stations and stores.
At a corporate level, processors are clearly being targeted by highly effective criminal organisations who have recently been frighteningly effective with slow as well as fast attack strategies. What they all have in common, though, is that disclosure to the members of the public that their own data may have been compromised was late and seemingly reluctant. But at least it happened. There remain states in the US which, like the UK, still refuse to adopt breach disclosure legislation.
On an individual level, I was worried each time I offered up a credit card last week and it was taken from my sight. That practice makes data theft at the single-card level possible, and it is a thing of the past in Europe, where terminals are brought to the customer and PIN numbers have replaced signatures. My card could have been swiped for duplication on a dozen occasions in New York and New Jersey last week in a way that would be impossible in Oxford today.
The overwhelming sense of promise I felt in the US gives me enormous hope though. President Obama has announced a $790bn stimulus package with $35bn set aside for IT. He also has earmarked $22bn for an integrated healthcare IT infrastructure – showing what a truly brave man he is, judging by the history of the UK challenges in this area.
Obama has a golden opportunity in troubled times. He is uniquely positioned to drive the US to a position of leadership on all matters around IT security. A land which so values the freedom of the individual should be taking the lead in ensuring that the citizen is informed quickly and fully whenever any of their data is compromised. Given that data theft is an international business – US financial and personal data is so often stored and processed offshore – then he needs to drive such regulations internationally.
I think he can lead these much-needed changes – and I believe he will.