Is Discover's breach alert service a risk to its brand?
Discover Financial Services has made a point of giving customers a sense of control over their accounts by being at the forefront with notifications and its “Freeze it” service launched two years ago that instantly blocks transactions when a card is reported lost or stolen.
But with its newest service that warns customers when their Social Security number turns up on the “dark web,” Discover is straying into a zone where the line begins to blur between reassurance and fear.
The risk to Discover is that its customers may think the card brand was somehow involved in the exposure of their Social Security numbers. After all, when breaches occur it is the standard practice for the notification to come directly from the company affected.
The difference with Discover's service is that, because it is an opt-in program, its users may already be bracing themselves for bad news.
“Consumers might very well be alarmed when they become aware their lost data is for sale, but since Discover requires the service to be activated, I trust only those consumers that are aware of the danger will enroll,” said Tim Sloane, director of payments innovation at Mercator Advisory Service.
Discover launched the free service last week, backed by national TV commercials that promise to alert customers if their Social Security number is found on “any of thousands of risky websites” Discover is monitoring. If Discover’s Internet surveillance turns up a customer’s SSN, the company will send a text alert or email and help the victim take action.
Discover simultaneously rolled out another free service enabling consumers to opt in for similar notifications when credit monitoring company Experian records any new credit card accounts, mortgages, car loans or other credit accounts opened in the customer’s name.
“We know that identity fraud is a concern for people everywhere, including our cardmembers, which is why we’ve decided to expand your monitoring features beyond just your Discover card account,” Discover explains on its website.
Discover should have no trouble finding examples of consumers whose personal data could be newly at risk.
“We know that identity fraud is on the rise, and that U.S. consumers feel their information is less secure than it was five years ago,” said Laks Vasudevan, vice president of global products and solutions at Discover, citing a study from Pew Research Center, in an emailed statement.
The Kansas Department of Commerce this month reported that a data breach in March exposed the Social Security numbers of 5.5 million consumers in 10 states to hackers, and this week Wells Fargo said it accidentally passed files to a third party that included Social Security numbers and account information for 50,000 high net worth customers.
Experts say Discover's move is likely driven more by fierce competition in the rewards credit card market than by a heightened consumer interest in security.
“With the proliferation of cash-back cards in the market, Discover has to carve out additional niches for itself,” said Patricia Hewitt, CEO of PG Research & Advisory Services. “Assuming they’re continuing to attract customers with higher-than-normal concerns regarding security, it’s up to the company to improve on these services and create an ecosystem account holders will continue to find valuable."
Discover promises to provide customer service agents to help customers protect themselves when they learn of an exposure. The quality of this customer service will determine how consumers react to Discover's outreach.
Other financial services providers offer identity protection services, and a key part of supporting these is educating consumers on steps they need to take after their data is compromised, including freezing and monitoring accounts and working with other financial services providers and agencies to ensure SSNs aren’t used to fraudulently authenticate accounts, said Al Pascual, senior vice president and research director at Javelin Strategy & Research.
“The catch will be what Discover advises the consumer to do once they’ve been notified that their SSN was compromised,” Pascual said.