Keeping Loan Data Secure

One step toward cyber security

By John Closs

The following is a sequel to our August Commentary, “It’s Midnight. Do You Know Where Your Customer Data Is?”

Data breaches continue with stupefying regularity and scale. Just this month American Banker magazine has reported on two more major attacks on the financial industry, at Experian and an apparent attempt to get information on multiple banks from the American Bankers Association. These come on top of historic hacks into financial institutions in recent years, including JP Morgan Chase and Citibank and payment processers Global and Heartland. The impact trickles down. Last year after Home Depot was hacked, the Independent Community Bankers of America reported that breach alone cost community bankers over $90 million, primarily in reissuing 7.5 million debit and credit cards.

“There are enormous costs associated with data breaches,” warns Chris Yaldezian for Sterling Commerce, an AT&T firm. “First a data breach can have severe reputational costs to both the bank and its brand. Following a data breach, a bank likely will suffer loss of market capitalization and shareholder value. In addition, it will encounter some opportunity costs with sales and customer service. Customers may also begin to have some negative associations and uncertainty with a bank after a reported data breach, which would soon affect the bank’s ability to sell and cross-sell.”What is common in the reports on breaches is even scarier than the breaches themselves. In nearly all the cases, the defiled institutions don’t know who has stolen their data.

“It could be anything from Anonymous, who doesn’t like big business and doesn’t like the banking industry, all the way up to Iran,” Darren Hayes, director of cyber security at Pace University’s Seidenberg School of Computer Science and Information Systems in New York, told American Banker.

Moreover, the compromised institutions don’t know what the thieves are doing with what they got. And scariest of all, they typically don’t know what data was breached.

Bank IT departments used to focus on how to share information. Today they are more concerned about keeping it from being shared by those who would use it fraudulently. And what concerns them most is, according to a recent study by the Ponemon Institute, “not knowing the location of sensitive data,” that is, how vulnerable data outside the bank’s firewall might be. And even if data security is compromised through a third party vendor, the bank ultimately owns responsibility for its customer data.

To minimize the exposure of sensitive loan and customer data, MST offers the option of a locally hosted, browser-based solution for determining the allowance. The Loan Loss Analyzer (LLA) is the only automated ALLL solution on the market that can be housed on the bank’s server, keeping sensitive data inside the bank’s firewall. Data is not accessible by other applications or institutions. Administered at the bank’s server level, the LLA functions as a website to which only authorized users within the bank have access.

Banks will be spending more and more time and money on cyber security in years to come. The LLA helps the bank solve one of those problems by keeping sensitive customer loan data out of the hands of third party vendors and inside its own firewall.