With credit card processing fraud increasingly prevalent – as well as other forms of identity theft – IT security experts and buyer-beware consumers are calling on the government to implement more defensive measures through which Americans can protect themselves when buying in store or online. Oregon appears on the cusp of making increased due diligence a reality.
On March 1, the Oregon House of Representatives overwhelmingly passed a bill that, if signed into law by Governor Kate Brown, would require merchants to inform customers of a successful cybersecurity attack within 45 days of its detection. Fifty-eight of the state's lawmakers voted in favor of Senate Bill 1551, with only one opposed.
Although increased scrutiny has been a brewing issue in Oregon for awhile now, SB 1551 got much of its verve after credit agency Equifax reported more than 145 million consumers' credit information had been compromised last year. Indeed, the nickname of SB 1551 is the Equifax bill.
Ellen Rosenblum, Oregon's attorney general, noted in written testimony that consumers in the Beaver State were particularly hard hit.
"1.7 million Oregonians were impacted by the Equifax data breach."
"Oregon fared no better – over 1.7 million of Oregonians' information was breached," Rosenblum stated, according to the East Oregonian. "As one cannot change their Social Security Numbers, this is a breach that will follow Oregonians for many years to come. Not only does the sheer size of the breach cause concern, but the Equifax story revealed many other failures and unfair practices."
The financial fallout from the cyber incident has resulted in class-action lawsuits against Equifax, filed on behalf of the thousands of Oregonians who were adversely affected, according to State Scoop.
"Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach," the text of a lawsuit filed in federal court charges. "Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to."
Consumers can have credit frozen for free
Should SB 1551 be signed into law as currently constituted, in addition to the 45-day notice required of affected businesses, consumers would have the ability to have their credit identities frozen – and unfrozen – free of charge, according to the Statesman Journal.
Cyberattacks have become frighteningly frequent, especially for consumers who regularly use their debit and credit cards for payment processing. At least 1,579 breaches transpired nationwide last year, according to the Identity Theft Resource Center. That's a near 45 percent increase from 2016, a year which had held the all-time record.
Eva Velasquez, ITRC president and CEO, indicated that part of the notable rise stems from businesses being more forthcoming as to when they've been compromised.
"We've seen the number of identified breaches increase as a result of industries moving toward more transparency," Velasquez explained. "We want to encourage businesses and government entities to continue to provide timely reports to their respective Attorney Generals [sic] so consumers can be better informed on what are the immediate and long-term impacts to their personal information by any given data breach."
Eight states have credit freeze legislation in place
Oregon isn't the only state making cybersecurity more of a priority, and in the process, giving consumers and business impacted more outlets through which to address these issues when they present themselves. Indiana, Maine and the Carolinas have laws in place permitting residents to freeze their credit profiles at no charge, as noted by State Scoop. New Jersey, Maryland, New York and Colorado offer similar services but they may be required to pay a fee to have the freezes removed.
Paul Cosgrove, a representative for the Oregon Bankers Association, told the Statesman Journal the Equifax hack was an eye opener because it touched so many lives.
"We are all subject to clever and very smart hackers and we need to be especially watchful to make sure our systems stay one step ahead of them," Cosgrove warned.
While the credit reporting giant initially believed the attack affected 141 million consumer, it announced recently that new evidence suggests it was more pervasive, impacting an additional 2.4 million in the U.S. whose private data was compromised.
In a statement, Equifax interim CEO Paulino de Rego Barros Jr. said the company will do everything it can to protect consumers and inform them directly if their identities have been stolen. The most common data cybercriminals seek are Social Security numbers and credit card specifics. In 2017, more than half of the reported breaches affected victims' Social Security and 19 percent debit and credit cards, according to the ITRC.
The best offense against cyberattacks is through a good defense. Contact 911 Software to learn more about the credit card payment software that can help keep consumers' financial data safe and secure.