Philly Fed Study Measures Consumers’ Reaction to Breach
A new study from the Federal Reserve Bank of Philadelphia finds that consumers affected by a data breach are much more likely to opt for fraud protection, while those consumers who are unaffected or only hear news about breaches are less likely to use fraud prevention services. The basis of the study is the 2012 data breach of the South Carolina Department of Revenue.
The study determined that within six months of the South Carolina data breach, consumers directly exposed responded by acquiring fraud protections made available to them. The high rate of take-up of protections among this population may be because notifications were sent by the South Carolina government on the state’s letterhead. Data breaches with less formal notifications or with less clarity about the affected population elicited a different response from consumers. The study also determined that consumers who were not directly affected by the breach, but heard about the same media coverage “did not respond to this breach by acquiring fraud protections.” This implies that consumers in shared television media markets did not substantially update their beliefs about future and unrelated data breaches as a result of the televised news,” according to the report.
To gauge the effect of the breach on consumers’ behavior, the study examined the adoption of five fraud protection services: initial fraud alerts, extended fraud alerts, credit watches, credit or security freezes and credit opt outs, compared with consumer adoption in control groups. All these services provided consumers with one or more of the following features: additional identity verification from lenders, fraud insurance coverage, a complete credit file freeze, and removal from prescreened credit or insurance solicitations. Researchers found that victims of the 2012 South Carolina Department of Revenue Breach acquired many more fraud protection services immediately after the breach relative to consumers in other states. Consumers affected by the breach were six times more likely to put an initial fraud alert in their credit files compared with unaffected individuals.
Additionally, the odds of data breach victims obtaining a credit watch were 55 times higher than that of the control groups. Data breach victims were 29 times more likely to freeze their credit files and three times more likely to opt out of credit offers.
Related stories:
