Login Signup
Verified Document

Mitigating Data Risk At AMEX Research Paper

Related Topics:
Cybersecurity Cyber Security Money Laundering Security Breach
Open Document Cite Document

American Express and Data Theft Risk Scenario

In March 2016, American Express admitted that customer data was stolen from the company in 2013 in a letter to the California Attorney General (Condliffe, 2016). As a credit card company, AMEX works with a large number of merchants, and the data breach came on the merchant end and that the affected customers were notified as soon as was possible. However, this incident provides a learning experience, and the key problem now is how Amex can learn from this experience going forward with respect to how it handles such third-party data breaches in the future. This one particular incident is not the problem, but it highlights a broad category of problems -- credit card fraud and cybercrime -- that cost the industry billions of dollars every year. Managing this better than competitors will be a boon to consumer confidence in the American Express brand and can be a source for both financial and marketplace competitive advantage going forward.

Analysis

American Express competes in the credit card business, wherein it provides consumer credit, and works with retailers who recognize its credit cards to facilitate merchandise purchases. Amex has seen its total revenue decline in 2015 in the face of a competitive industry, and this in turn has reduced the company's profits as well (American Express Form 10K). Despite these struggles, the company cited its many strengths in its annual report, namely higher transaction volumes, industry-leading credit quality, a growing loan portfolio and strong operating expense controls. Another strength of Amex is that it has just recently surpassed MasterCard for the #2 position in the credit card industry, according to SEC filing data (Papadimitrou, 2016)

Working against these strengths are a number of weaknesses that the company faces in its operations. First, it is highly dependent on the U.S. dollar, and a stronger dollar supressed revenues from overseas customers, which were worth less when translated back to USD for financial reporting purposes -- Amex has high translation risk. The company is vulnerable to data breaches, as the core case identifies, in particular where vendors, merchants, and other third-party partners are concerned. While Amex can control its own cybercrime risk, it has very limited ability to control cybercrime risk at third parties that also have access to Amex customer data. Amex remains, however, a distant second behind Visa in market share, and ranks third in terms of global acceptance behind Visa and MasterCard, both of which have a much broader global network (Papadimitrou, 2016).

Working with a reasonably strong financial base and market position, Amex can improve its reputation among consumers by strengthening its credit card fraud prevention. This opportunity represents an improved way of handling such cases of data theft and other fraud. Credit card cybercrime costs the industry billions, but if American Express can develop superior security techniques, it can avoid the attention of thieves, who typically look for weaknesses in security that they can exploit. It is worth noting, however, that while there is significant opportunity to improve upon fraud prevention techniques, fraud remains a threat because the rapid pace of technological development allows criminals to often stay one step ahead of those engaged in cybersecurity (Barker, D'Amato & Sheridon, 2008).

Research shows that reducing opportunities to commit cybercrime is critical to achieving a reduction in such crime. Large credit card frauds in particular tend to be sophisticated crimes, and there are often organized crime links. In particular, criminals who steal the data must then sell that data in order to monetize their theft. The organizations that buy the data are usually the ones that actually commit the frauds. Thus, in order to defend against cybercrimes, it is important to deny the hackers access to data in the first place. Typically, proactive approaches are recommended by cybersecurity experts (Prabowo, 2011).

Alternatives

There are a couple of different alternatives that can be explored. One is to pursue remedies with the other major credit card companies (Visa, MasterCard, Discover). The advantages of pooling resources are that more resources can be put into the effort, and that efforts are not duplicated, leading to more efficient use of the resources that are applied to this problem. If the industry as a whole becomes difficult to scam, then criminals may turn their attention to other industries entirely. Conversely, if the four companies work independently on solutions, there may be enough gaps in the solutions for criminals to exploit, and the companies will forever be playing catch-up as criminals respond quickly to new opportunities...

Parts of this document are hidden

View Full Document
svg-one

The downside of this alternative is that if the companies work together, there is no opportunity for Amex to gain competitive advantage from the approach. Competitive advantage is specifically gained by outperforming the competition in specific areas. If Amex can go from being a company that receives negative publicity for security breaches to a company known for having few such breaches, that could make Amex a more attractive option for consumers. By working independently, there is greater risk of incomplete defenses, but greater upside if the company can outperform its competitors in cybercrime risk management.
The second alternative is to deal with the issue at the merchant level. . This means more carefully vetting merchants for their cybersecurity procedures. The advantages of this are that Amex can become a more exclusive card in a sense, offering a level of security that the other companies cannot offer. Amex already has lower distribution, and does not compete strictly on its distribution the way that Visa and MasterCard do, so the downside risk is lower than it would be for the other two major companies. Thus, Amex could gain competitive advantage by being the company whose vendors are certified to be trustworthy.

The disadvantage of this approach is that it is expensive. Verifying security protocols at each merchant would be a time-consuming, costly endeavor, and one that given the rapid changes in technology would have to be updated annually. This alternative may ultimately cost Amex more money than fraud does, to implement it in a meaningful way. Further, there are some risks associated with reducing the number of merchants that accept Amex cards, and raising barriers to merchants accepting these cards constrains Amex's revenue growth going forward in a way that increased usage by customers may not offset.

Recommendation

It is recommended that Amex works with its competitors to strengthen security throughout the industry. The credit card industry is targeted by criminals because it is an easy mark, and can be taken for billions. If the industry players work together on fraud prevention and data security, the pooling of resources, and efficient use of those resources, can make the credit card industry more secure overall. Further, these companies duplicate merchants -- most merchants take all four major cards -- so providing a simple, uniform set of security protocols for all merchants across the industry would make it easier for merchants to implement data security. This recommendation still leaves room for competitive advantage -- how the company handles incidents of fraud is an area where it can outperform its competitors. For example, Amex dealt with the California data breach quickly with affected customers, and moving quickly when incidents do occur, while maintaining a high level of communication with both customers and law enforcement, can be an area where if Amex outperforms, it will gain greater acceptance among customers. A recent poll by Gallup showed that cybercrime is the number one crime fear among Americans (Riffkin, 2014). Showing leadership in terms of reducing risk to consumers will go a long way to winning more customers and more transactions for Amex.

Conclusions

The first step to implementing this recommendation will be putting together a task force comprised of cybersecurity experts and representatives from the four major credit card companies. A set of objectives will need to be developed for the initiative, and an agreement will need to be reached on what resources each company will contribute to the effort. Once these basic features of the program are in place, work can be begin. There will need to be timelines, chains of command and other features of project management in place.

Ultimately, the recommendation here derives from basic principles of collaboration for mutual gain. The California data leak could have happened to any credit card company, and such leaks do. The industry loses billions every year to this problem. This makes the cybercrime issue one that is bigger than any one company. The best approach to solving such a problem is interfirm collaboration. Most examples of interfirm collaboration are found in product development, marketing and supply chain, but the concept makes sense here as well. The diffusion of knowledge within an industry is predictable based on knowledge distribution patterns (Singh, 2005). Given the rapid pace of change in cybercrime risk, the credit card industry needs a very rapid knowledge diffusion cycle to remain ahead of cybercriminals. There are trade-offs involved with interfirm collaboration, of course (Richey & Autry, 2009), and in this case Amex would be surrendering the opportunity to gain competitive advantage, but this is…

Continue Reading...
Sources used in this document:
References

American Express Form 10K for 2015. Retrieved March 19, 2016 from http://ir.americanexpress.com/Cache/1500081626.PDF?O=PDF&T=&Y=&D=&FID=1500081626&iid=102700

Barker, K., D'Amato, J. & Sheridon, P. (2008). Credit card fraud: Awareness and prevention. Journal of Financial Crime. Vol. 15 (4) 398-410.

Condlifee, J. (2016). American Express admits to theft of customer data three years late.. Gizmodo. Retrieved March 19, 2016 from http://gizmodo.com/american-express-admits-to-theft-of-customer-data-three-1765441909

Papadimitrou, O. (2016). Market share by credit card network. CardHub. Retrieved March 19, 2016 from http://www.cardhub.com/edu/market-share-by-credit-card-network/
Riffkin, R. (2014). Hacking tops list of crimes Americans worry about most. Gallup. Retrieved March 19, 2016 from http://www.gallup.com/poll/178856/hacking-tops-list-crimes-americans-worry.aspx
Cite this Document:
Copy Bibliography Citation

Related Documents

Essay
Mitigating Privacy Issues With Drones
Words: 2076 Length: 6 Document Type: Essay

Utilitarian Viewpoint of Drones Ethical Issues The topic discussed within this document is "Uncharted Territory: When Innovation Outpaces Regulation for Private Use of Drones." What is interesting about this topic is that the crux of it revolves about the fact that quite frequently in technological applications, innovations and availability outstrips regulation and user consistency. For the sake of this document, however, this phenomenon will be explored solely through the usage and

Read More
Essay
Construction Risk Management of Channel
Words: 1856 Length: 7 Document Type: Term Paper

In addition, Sound Transit has installed eight sensing devices for the building, including probes that would register any soil shifting at the tunnel depth. Such alerts would allow Sound Transit time to apply extra grout between the tunnel and the apartment building's basement. 6. Output Analysis and Discussion Here, Sound Transit has taken reasonable and economically feasible precautions to reduce the risk of damage from soil sliding. At this point, the remaining

Read More
Essay
African-American Women Who Have Lost
Words: 7688 Length: 17 Document Type: PhD Model Answer

However, conventional beliefs that there is low rate for African-American involvement in suicidal activities, there exists minimal focus on learning the possible suicide patterns among African-Americans. Social workers are not aware of the risks and protectiveness among African-Americans. This gives room for misinterpretation of facts concerning self-destructive activities of African-Americans. The research further stresses the importance of social workers to the study of suicide among African-Americans. They also have the

Read More
Essay
Cultural Forms of Expression African-American
Words: 2857 Length: 9 Document Type: Term Paper

(Cha-Jua, 2001, at (http://www.wpunj.edu/newpol/issue31/chajua31.htm) Another aspect of representation, however, concerns collective memory and the representation of a shared past. Through the context for dialogue they create, social movements facilitate the interweaving of individual stories and biographies into a collective, unified frame, a collective narrative. Part and parcel of the process of collective identity or will formation is the linking of diverse experiences into a unity, past as well as present.

Read More
Essay
Chinese-American Women and Their Experiences
Words: 12463 Length: 45 Document Type: Term Paper

Figure 1. Demographic composition of the United States (2003 estimate). Source: Based on tabular data in World Factbook, 2007 (no separate listing is maintained for Hispanics). From a strictly percentage perspective, it would seem that Asian-Americans do not represent much of a threat at all to mainstream American society, but these mere numbers do not tell the whole story of course. For one thing, Asian-Americans are one of the most diverse and

Read More
Essay
Released by the FBI and
Words: 17274 Length: 65 Document Type: Research Proposal

" Human development- behavioral shifts in human being that tae place during the course of an entire lifespan ("Human Behavior"). Risk Analysis- the activity of determining and analyzing the dangerous natural and human caused negative events. This analysis takes into consideration the risks these event pose to businesses individuals and governments. Within the domain of information technology risk analysis reports are utilized to tailor technology-related objectives with a an organization's business objectives.

Read More

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now