Protection of your personal financial information (PFI)
Individuals and SMEs (small and medium-sized businesses) are turning to the financial services industry to help them invest in their economic future. Managing funds and controlling monetary risk is what these financial professionals do, but sharing your information with a financial specialist carries an amount of risk of its own.
What types of information are shared? When accounts are opened or transferred as an individual or SMB, personally identifiable information is inevitably passed between you and your financial services representative (and sometimes their support staff). This information includes and is not limited to:
- Name
- Address
- Social Security number
- Account numbers (eg when making a wire transfer or transferring banks or credit cards)
- Date of Birth
- Employment and income history
- Current Assets and Portfolio Information
Much of this information is obtained in person or online through a secure website, but SMBs and individual customers often turn to their brokers, account representatives, and customer service staff to answer specific questions about their accounts. . Increasingly, these information transactions are done electronically.
How can customer information be at risk if paperwork is done securely in person or through a secure web process? Personal financial information (PFI) can be compromised as you grow and build a personal relationship with your financial services professional. Sometimes the connection with a financial services company is made by phone, other times by email. It is the security of email communication between the customer and the company/organization where their PFI is put at risk.
A quick question or message sent to a financial services organization seems to go instantly from your computer to the recipient’s inbox. In reality, emails make temporary stops along the way. As emails are routed by proprietary servers to their final destination, messages arriving at each of these stops are often stored and sometimes copied or even scanned before being sent to their final destination. Email security goes beyond being aware of today’s phishing scheme, where unscrupulous data thieves impersonate someone from your trusted financial institution. Information interception is not just about who forwards your message, but also who can get hold of that message while it’s on the way.
Although financial firms abide by government laws, restrictions, and guidelines, sometimes they don’t seem to have concrete policies when it comes to emails between the client and the firm’s employee. Compliance and risk officers managing company policies must grapple with the nuances outlined by Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and Securities and Exchange Commission (SEC) regulations. Each of these government-mandated policies dictate how your personal financial information (PFI) is handled digitally, but they do not describe the best method of PFI protection.
Andy Purdy, Acting Director of the Department of Homeland Security’s National Cyber Security Division in a February 2006 interview with CNet/News.com identifies the importance of protecting PFI and other important digital assets:
“I think consumers, small businesses and large businesses and government are all important when it comes to reducing cyber risk. We’re trying to raise awareness among partners about liability and techniques consumers can use to help protect their systems. (1)
A customer’s PFI is a commodity that can be bought and sold in black market data warehouses. Digital bullies seek to collect email information in various ways. What can individual customers and SMEs do to improve the situation while staying connected with their financial services company? Data encryption made it easy to protect sensitive information like PFI. If one of these black market digital thugs intercepts an encrypted message (unless they have somehow obtained the encryption keys), they will not be able to decrypt the message. If the email bully tries to crack any of the commonly used encryption algorithms, it is likely that he will not be able to do so in his lifetime.
Business owners and individual investors can work a lifetime to become financially successful and stable. Having sensitive information like one’s PFI at risk through email can destroy that financial stability.
The risk of communicating with these services can be contained by being aware of the risks of email, phishing scams, and the use of encryption tools to protect financial communications. Although quite broad in nature, financial services in each of its facets as a lender, investment manager or financing arm can go one step further in the economic success of its clients. The use of encryption tools allows the individual client or SME to remain in close contact with these administrators of their financial future.
– – – – – – – – –
Final Notes:
1.) Joris Evers, “Newsmaker: Locking down America’s Net Defenses” February 16, 2006, CNet New.com – http://news.com.com
