Why do data security breaches happen? One reason, plain and simple: People, said Frank Abagnale, president of Abagnale and Associates.

Abagnale is a 40-year veteran of the FBI and one of the world’s most respected authorities on forgery, fraud, embezzlement and secure documents. He is also a self-described confidence artist whose story was made into the film Catch Me If You Can, starring Leonardo DiCaprio.

“Every breach occurs because someone in that company did something they were not supposed to do or because someone in that company failed to do something they were supposed to do,” Abagnale said. “There is not a master hacker sitting in Russia who will get through the company. The hacker will say, ‘I am not getting into JP Morgan Chase because they spend a fortune every year on cybersecurity, but they employ 200,000 people worldwide, so all I am looking for is one of those people who failed to do something they were supposed to or did something they were not supposed to do.’”

Abagnale will speak on February 20 at 3 p.m. at the HIMSS17 Conference & Exhibition during a session entitled “Stealing Your Life!” He said he will explain the weaknesses and soft spots in companies and instill in attendees that the most important job they have is to keep the information entrusted with them safe.

Abagnale added he will show attendees how to keep information safe, including simple things they can take back to their healthcare organizations and do immediately.

“I’ve been at the FBI for more than 40 years,” he explained. “I have worked as a consultant to companies including Intuit and the AARP. I deal with data analytics and cybercrime issues around identity theft. In the 40 years I have been doing this, I have nothing to sell. Every solution I give my listeners is a solution that is free. It’s something they need to go do, not go buy.”

Abagnale describes his privacy and security presentation as “scary,” but purposefully so.

“The presentation shows how easy cybercrime is, but it also shows how easy it is to protect yourself,” he said. “The majority of people are honest, they do not think in a deceptive way – but I do. So people think there’s nothing wrong with leaving an address here or a Social Security number there. But when you explain to them this is why it’s a problem, and this is what someone can do with it, people are smart enough – if you show them the risks, not say go buy this and it costs $500 – to go back and do what you can suggest they do.”

When asked what’s one of the important points he’ll make in his presentation to HIMSS17 attendees, Abagnale drops a bomb for individuals seeking to protect their identity and assets.

“Never use a debit card,” he stated. “The safest form of payment is a credit card. I do not own a debit card, I have never allowed my three sons to have a debit card. Every day of my life I spend the credit card company’s money, my money sits in a money market account, no one knows where it is because it is not exposed to anyone. If someone charges $1 million on my credit card, by federal law I have no liability. My credit score goes up every month when I spend money and pay my bill. When you use a debit card, you are spending the money in your account, and you can use that card 20 times a day for the next 20 years and you will not raise your credit score one half of a point.”

Abagnale adds that, for example, he shops online all the time, but when he does, he uses a credit card.

“If the merchant does not deliver the merchandise, or if it is not as advertised, I do not have any liability, the credit card company will cover it,” he said. “When you use your debit card, you have already spent your money. I have been dealing with so many breaches over the years, and people say I was at Target and spent with my credit card and after the breach they cancelled my card and fixed everything. But if they say I used my debit card, they’ll add that it took two months to fix. This is a very simple concept.” 

This article is part of our ongoing coverage of HIMSS17. Visit Destination HIMSS17 for previews, reporting live from the show floor and after the conference.