Capital One data breach shows it can’t be a tech company that banks

opinion

Once upon a time, any financial institution entrusted with your money and sensitive information would be housed in an imposing building made of granite. Its vault, often visible from the lobby, was formidable. And its managers would always be prudent, conservative types. Think Fidelity Fiduciary Bank, the fictional institution in the Mary Poppins movies, whose chairman in the original film sang: “Invest your tuppence wisely in the bank, safe and sound, soon that tuppence, safely invested in the bank, will compound.”

The idea was to convey a sense of security so that people would feel good about depositing their hard-earned cash and storing their prized possessions in safe deposit boxes. It spilled over to investors who saw bank stocks as prudent, though hardly spectacular, investments.

Nowadays, though, banks can’t do enough to shed the dowdy images, perhaps none more so than Virginia-based Capital One Financial Corp. During an earnings report this year, CEO Richard Fairbank all but said that he did not view his bank as, well, a bank: “What we’re doing at Capital One is building a technology company that does banking, instead of a bank that just uses technology.” 

Which brings us to the company’s announcement that a lone hacker — allegedly a troubled 33-year-old woman in Seattle — had managed to penetrate its firewall to acquire sensitive data on more than 100 million card customers and applicants.

The sad truth is that many modern banks don’t much care about people’s private information. The same apparently goes for companies that work with banks. On the same day the Capital One breach was reported, credit rating agency Equifax agreed to pay $700 million to settle a 2017 data breach. 

ANOTHER VIEW: Capital One now needs to double down on technology

Institutions might say they do care, but what really matters is how fast they can digitize everything about their company and migrate it to the cloud. By doing this they increase their profit margins and rates of growth, and become Wall Street darlings.

It’s not hard to see the financial pressure on banks. Since the Great Recession, their stock performance has been so-so, while tech companies have done extremely well. Anything that they could do to function more like tech companies that do finance, rather than vise versa, could make them hot properties.

Tech companies, however, are bad examples to follow. They collect data on people’s habits that allow advertisers, political operatives, hostile foreign powers and others to glean valuable insights. And banks hold even more sensitive information than do most tech outfits.

It’s one thing to be lax and self-interested with people’s web surfing histories or social media contacts. It’s quite another to be cavalier with account information, Social Security numbers and credit scores. These can be sold to people interested in taking out fraudulent loans, making fraudulent purchases and engaging in other forms of identity theft.

For this reason, banks can’t become tech companies. They need to retain their positions as fortresses — both literally and figuratively — of people’s wealth and vital data. Outsourcing information to cloud computing companies, like Amazon Web Services in Capital One’s case, has to be rethought. 

Capital One’s catchy marketing slogan — “What’s in your wallet?” — has helped make it one of the nation’s largest issuer of credit cards.

If it doesn’t change its ways, the answer to its question will be: not very much anymore.

If you can’t see this reader poll, please refresh your page.