What's safer: your card details or your health details?

By Marianne Curphey


Who do you trust more with your information: your doctor or your credit card provider?

If you went with the former, you are in the majority. According to a May 2017 survey from the Ponemon Institute, people trust their healthcare providers much more than their credit card company when it comes to keeping their data secure.

Here's why Brits trust their doctors more than their credit card issuers - and why they should maybe rethink their beliefs on the matter.

Card companies are more secure than you think
The Ponemon Institute study found that 68% of consumers trusted healthcare providers to preserve their privacy and to protect personal information. Additionally, banking institutions topped the list, with 77% of respondents saying they trusted them most. In contrast, only 26% of consumers trusted credit card companies.

However, the study found that credit card companies and banks were far better equipped to keep information secure than healthcare companies. It found that healthcare organisations accounted for 34% of all data breaches while banking, credit and financial organisations accounted for only 4.8%.

The report also pointed out that banking, credit and financial industries spent two to three times more on cybersecurity than healthcare organisations.

Bill Mann, senior vice president and chief product officer at Centrify, which commissioned the study, said there is a "very interesting discrepancy between what consumers think and what really happens."

"Financial services and banking firms are making two to three times more investment in cybersecurity than healthcare, and doing a better job to protect against breaches," Mann said.

"Consumer trust in certain industries may be misplaced," the authors of the study concluded.

"We trust our doctors to be confidential and we have a strong social contract with the NHS," said Jessica Barker, an independent cybersecurity expert who specialises in the human side of cybersecurity. "The effect of the 2007 banking crisis, although it wasn't connected with security, may affect consumers' perception of this sector."

How can card issuers boost confidence with consumers?
Financial services companies could use the study's findings as an opportunity to look at the way they are interacting with consumers, Barker said.

"I realise that a lot of financial companies might not want people to know the work that they are doing and the money they are investing around security," she said. "I understand they might feel that this is a red flag to hackers, which would invite a cyberattack."

However, she said it would be valuable for customers to hear what their bank is doing to protect them.

"It would be good to have that conversation," she said. "Trust takes a lifetime to build and a second to destroy."

Data breaches tarnish the brand, push down the share price and affect customer loyalty, Mann said.

"People who are responsible for security need to do a better job at the base level," he said.

Barker feels carelessness is often the root cause of breaches, including employees having access to information that they should not have or did not need, or introducing malware.

"There is more that financial services companies can do around human factors - who has access to information and how often is security updated and reviewed," she said.

Healthcare details are as beneficial to fraudsters as card details
At the end of the day, "fraudsters will go where the money is," said David Morrow, director and founder of Fraudfit, which provides businesses with access to high quality, independent fraud knowledge and skills.

Fraudsters may target financial companies, he said, but when they do, it's not to get data. Hacking healthcare databases, however, may provide the data a thief needs to construct a profile that they can then sell on the dark web.

Any time you give over personal details, financial or not, you are risking them being used by criminals if the company suffers a data breach. The best thing you can do is be proactive in what information you give out, and know what to do if your details are part of a big breach.

"There's no such thing as brand loyalty when it comes to fraudsters," Morrow said.

See related: How to ensure companies truly delete your personal data, 4 places your stolen information may be going

Published: 16 June 2017