Banks perform threat analyses on brick-and-mortar branches; cybersecurity should get the same scrutiny: Another view
I don’t care how a bank acts. Whether it wants to be a bank, a technology company or a circus, I’m a happy customer as long as it secures my data. Unfortunately, Capital One’s recent data breach shows the risks of adopting a “move fast and break things” mentality in the financial world.
I was not one of the more than 100 million affected by Capital One’s misfortunes last week. Even if I were, I would still prefer that the bank continue to embrace technology — if it can focus on the right things.
That means hiring a director of cloud security more than a mere two months ago and dedicating even more resources to proactive information security and risk management — ensuring that vulnerabilities are found and fixed before customers get hit.
A bank performs threat analyses for its brick-and-mortar branches; its cybersecurity should be subject to the same rigorous, never-ending scrutiny. Penetration testers and white-hat enthusiasts should be Capital One’s best friends, but having a generous bug bounty program wouldn’t hurt, either. I bet it would cost Capital One a lot less than a class-action settlement.
Going forward, Capital One needs to double down on technology, not get cold feet. As a customer, I should have a text message, a phone notification and an email the minute the bank uncovers a major security issue. I should have even more notifications if it finds my data in a breach, and its app should immediately prompt me to change my account password the second I log in.
OUR VIEW: Capital One data breach shows why it shouldn’t be a tech company that does banking
Capital One app on a mobile phone screen on July 30, 2019. (Photo: Matt Campbell/epa-EFE)
There should also be an easy way to activate free credit monitoring at any of the “big three” bureaus, and I should be prompted to set up device notifications for any charges or transfers made on any of my accounts — just in case.
Rise to the same security standards and usability customers expect from their backup software or encrypted messaging apps. The time for tiptoeing on the technological tightrope has passed.
David Murphy is the senior technology editor at Lifehacker. (Capital One did not respond to requests for an opposing view.)
If you can’t see this reader poll, please refresh your page.
Read or Share this story: https://www.usatoday.com/story/opinion/2019/08/07/capital-one-now-needs-double-down-technology-editorials-debates/1950378001/