Payments News from Glenbrook Partners
Glenbrook   Book   Education   Views   Archives   Store   Advertise   About         SUBSCRIBE:

Privacy

Welcome to the News View for "Privacy".

Here, on these archive pages, you'll find all of the articles on Payments News for Privacy listed in date sequence beginning with the most recent article at the top of the page.

Click here for a complete listing of what's available in the Payments News Archive - organized by both posting date and subject category.

Subscribe to Payments News!

June 16, 2009

"The Battle Over Personally Identifiable Information is Lost"

TowerGroup_logo-140px.jpgA new research report titled "Protecting Personal Information: We Lost the Battle, Can We Win the War?" by TowerGroup declares that the financial services industry has lost the battle to protect consumers' personally identifiable information (PII) data. TowerGroup's George Tubin points out that "in light of the loss or theft of hundreds of millions of data records containing PII, the financial services industry must consider the ramifications of past, present and future data losses." READ MORE »

January 11, 2009

Peter Wayner's New Editions

[Reposted from my personal blog: www.sjl.us]

I happened to hear from Peter Wayner that he's got new editions of both his Disappearing Cryptography (third edition) and Translucent Databases (second edition) now available.

Disappearing Cryptography is available from Amazon while it looks like Translucent Databases, for the moment anyway, is only available on the publisher's web site.

READ MORE »

December 23, 2008

Legislative Responses to Data Breaches, Information Security Failures

The Payment Cards Center of the Federal Reserve Bank of Philadelphia has published a new discussion paper titled "Legislative Responses to Data Breaches and Information Security Failures" icon_PDF_small.gif by Philip Keitel. READ MORE »

May 23, 2008

Trusteer Partners with ING DIRECT

ING DIRECT has announced that it has partnered with Trusteer to become the first US bank to offer Trusteer’s Rapport consumer Identity Theft protection software free to all of its customers. READ MORE »

May 20, 2008

Unisys Security Index Finds Bank Customers Concerned

The latest U.S. results of the Unisys Security Index find that Americans are more concerned than they were seven months ago about national security issues and health epidemics and are increasingly concerned about financial security issues and worries about identity theft. READ MORE »

April 25, 2007

Navigating the Payment Card Industry - Data Security Standard

Sarah D. Scalet writes for CSO Magazine about the Payment Card Industry - Data Security Standard (PCI-DSS) standard - calling it "corporate America's most ambitious effort yet to prove that it can self-regulate."

March 21, 2007

Federal Regulators Seek Public Comment on Model Privacy Notice

Eight federal regulators have released a notice of proposed rulemaking (NPR) requesting comment on a model privacy form that financial institutions can use for their privacy notices to consumers required by the Gramm-Leach-Bliley Act (GLB Act).

READ MORE »

February 24, 2007

Think Your Social Security Number Is Secure?

Damon Darlin writes for the New York Times about efforts to try to get Social Security numbers removed from web sites, etc. “The problem is every dentist’s office has Social Security numbers. Every doctor’s office has them. How secure are these?”

February 16, 2007

Another Look At Privacy Aspects Of Contactless Cards

In an article titled 'New Credit Cards May Leak Personal Information," Erik Larkin writes for PC World writes about the privacy aspects of new contactless credit cards - including a discussion of new "second generation" specifications from Visa that require the issuer not include the cardholder name in the data transmitted by the contactless card's chip.

January 05, 2007

FDIC Spotlights Importance Of Bank Incident Response Programs

The Federal Deposit Insurance Corporation's latest quarterly Supervisory Insights newsletter features an article titled "Incident Response Programs: Don't Get Caught Without One". From the abstract: "A security incident can damage corporate reputations, cause financial losses, and foster identity theft, and banks are increasingly becoming targets for attack because they hold valuable data that, when compromised, allow criminals to steal an individual's identity and drain financial accounts. To mitigate the effects of security breaches, organizations are finding it necessary to develop formal incident response programs (IRPs). This article highlights the importance of IRPs to a bank's information security program and provides information on required content and best practices banks may consider when developing effective response programs."

January 02, 2007

New Developments And Trends In The Law Of Information Security

Thomas J. Smedinghoff writes us with news about a new paper he's written titled "Where We're Headed — New Developments and Trends in the Law of Information Security" that's available online. Smedinghoff is a partner at the law firm of Wildman Harrold, in Chicago, and a member of the firm's Privacy, Data Security, and Information Law Practice. In the paper, he writes that "three legal trends are rapidly shaping the information security landscape for most companies." These include a continuing expansion of the duty to provide security, the emergence of a legal standard for compliance - a definition of "reasonable security", and the imposition of a duty to warn.

August 01, 2006

Beth Givens - Her Passion Is Privacy

Bruce V. Bigelow of the San Diego Union-Tribune writes a profile of Beth Givens, founding director of the Privacy Rights Clearinghouse, a San Diego nonprofit group "dedicated to helping consumers deal with the darker disadvantages of the information age."

April 26, 2006

Recommendation: Evolution of a Prototype Financial Privacy Notice

Glenbrook's Russ Jones comments on the release a few weeks ago by six federal agencies (Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, Federal Trade Commission, National Credit Union Administration, Office of the Comptroller of the Currency, and the Securities and Exchange Commission) of a new report titled "Evolution of a Prototype Financial Privacy Notice" (pdf).

READ MORE »

March 31, 2006

Improving Financial Privacy Notices for Consumers

Federal regulators have announced the release of Evolution of a Prototype Financial Privacy Notice, a report by Kleimann Communication Group summarizing consumer research commissioned by the regulators as part of their ongoing efforts to develop improved financial privacy notices.

READ MORE »

March 23, 2006

Critics Call House Bill A Step In Erosion Of Consumer Laws

Edward Epstein reports for the San Francisco Chronicle on legislation pending in the House that would mandate certain uniform national standards for consumer notifications in the event of breaches of personal financial data, thereby pre-empting various state laws that are in effect dealing with notification requirements.

READ MORE »

March 10, 2006

Jeff Jonas - Pioneering The Future of Personal Data

NPR's Morning Edition had an interview this morning with Jeff Jonas, chief scientist with IBM's Entity Analytic Solutions, in which he talks about the future of privacy protection.

READ MORE »

February 23, 2006

CardSystems Solutions Settles FTC Charges

The Federal Trade Commission has announced that CardSystems Solutions, Inc. and its successor, Solidus Networks, Inc., doing business as Pay By Touch Solutions, have agreed to settle Federal Trade Commission charges that CardSystems' failure to take appropriate security measures to protect the sensitive information of tens of millions of consumers was an unfair practice that violated federal law.

READ MORE »

February 11, 2006

ChoicePoint's Recovery

Bill Husted writes from tomorrow's Atlanta Journal-Constitution about what a difference a year has made to suburban Atlanta-based ChoicePoint.

READ MORE »

January 26, 2006

Most Trusted Retail Banks

Ponemon Institute and Vontu, Inc. have announced the results of their 2006 Privacy Trust Study for Retail Banking concluding that National City and US Bank tied for first place.

READ MORE »

Choicepoint Settles Data Security Breach Charges

The Federal Trade Commission has announced that ChoicePoint, Inc., which last year acknowledged that the personal financial records of more than 163,000 consumers in its database had been compromised, will pay $10 million in civil penalties and $5 million in consumer redress to settle FTC charges that its security and record-handling procedures violated consumers’ privacy rights and federal laws.

READ MORE »

January 25, 2006

Visa: Consumers Worried About Personal Information

Visa International has released the results of new global survey of consumer attitudes concluding that the theft or loss of personal and financial information is the No. 1 concern of consumers worldwide (64 percent). A media backgrounder on the survey results (PDF) is available online.

READ MORE »

January 11, 2006

MasterCard Announces New Merchant Security Initiatives

MasterCard has announced several new merchant-related initiatives: incentives for merchants to adopt MasterCard SecureCode payer authentication, free network vulnerability scans of merchant systems, and new education for merchants on security and data protection issues. MasterCard has also launched a new merchant website focused on security at www.mastercardsecurity.com.

January 08, 2006

Bank Offshoring: Putting Data At Risk?

Patrik Jonsson writes for the Christian Science Monitor about the potential risks to customer and bank data associated with banks offshoring certain jobs.

READ MORE »

December 26, 2005

Data Brokers Press for U.S. Law

Joseph Menn reports for the Los Angeles Times on efforts by various data brokers to support federal rules to safeguard personal information - preferring a consistent federal standard vs. a range of potentially tougher and more varied state laws.

READ MORE »

November 14, 2005

Customer and Business Impacts from Breaches of Consumer Data

PGP Corporation has announced the results of two surveys of customer response to incidents of data breaches. The surveys reported that almost 20 percent of customers immediately terminated their accounts with vendors that lost their information, and an additional 40 percent considered termination. Companies participating in a parallel study estimated incurring an average cost of $14 million per breach incident, with costs ranging as high as $50 million. The reports are available online from PGP.

READ MORE »

September 17, 2005

Weekend Reading: Contactless Payments And The Security Challenges

David Birch of Consult Hyperion writes for Principia on contactless payments and how they deliver appropriate levels of security and privacy.

In a typical retail environment the retailer's point-of-sale (POS) terminal and the payment token both contain a microprocessor; the microprocessors communicate using a payment protocol (on top of the ISO 14443 protocol for basic data exchange).

When it is time to pay, the customer brings their tag close to the POS terminal. The terminal interrogates the card and gets back the serial number and a cryptogram (a one-time code calculated inside the token). It feeds these to the acquiring bank, which passes them back to the issuer. From the serial number, the issuer knows which account to authorise and from the cryptogram the issuer knows that the token is valid.

The cryptogram is made up from the serial number and a transaction counter, encrypted using the token security key. This key is inserted in the token during manufacturing; it is derived from the serial number and a bank master key. Once in the token, it is never divulged.

August 07, 2005

Data Privacy

From an article by Eric Dash in today's New York Times on data privacy:

Switzerland, for example, requires every employee who handles sensitive data like credit information to "sign a very draconian document," Ted Crooks, vice president of global fraud solutions for Fair Isaac, a data analytics company, said of data protection laws in that country.

"You don't mess with Swiss data," he said.

READ MORE »

July 17, 2005

Credit Card Ads Place Renewed Focus on Security

Eric Dash reports for the New York Times on the use of security features by card associations and card issuers in their advertising efforts.

"As it becomes a bigger consumer issue, more companies are going to talk about it," said David Sigel, the Citigroup account director at Fallon Worldwide in Minneapolis, a division of the Publicis Group. "It's a very competitive category, and you are looking to make your product as relevant as it can to consumers."

July 10, 2005

Private Investigators Concerned About Limits on SSN Access

Hiawatha Bray writes for the Boston Globe on concerns of private investigators about legislation that may limit the sale of Social Security Numbers in the wake of data security and information access breaches.

'We're under a lot of pressure to minimize the availability of Social Security numbers," said LexisNexis spokeswoman Mary Dale Walters.

Marco Piovesan, vice president of business services at ChoicePoint, said that his company has discussed the issue with private investigators, but has decided not to sell them Social Security numbers. ''We restrict that information to a large number of business types, including the PI group," Piovesan said.

July 09, 2005

Data Theft: How to Fix the Mess

Joe Nocera writes for the New York Times about data theft-- looking back at the actions twenty years ago led by Sen. William Proxmire that changed the way credit card issuers had to deal with consumers and why Bruce Schneier is recommending similar changes today to deal with data theft or data loss.

What we need right now is someone in power who can put the burden for this problem right where it belongs: on the financial and other institutions who collect this data. Let's face it: by the time even the most vigilant consumer discovers his information has been used fraudulently, it's already too late.

"When people ask me what can the average person do to stop identity theft, I say, 'nothing,' " said Bruce Schneier, the chief technology officer of Counterpane Internet Security. "This data is held by third parties and they have no impetus to fix it."

Payments News on Facebook
Glenbrook Partners

PAYMENTS NEWS IS PRODUCED BY AND IS A SERVICE MARK OF GLENBROOK PARTNERS, LLC
ISSN 1556-4487

Glenbrook's Consulting Services

  • Innovation and Strategy
  • Payments Product Development
  • Payments Market Assessments
  • Payments Vendor Selection
  • Merchant Payments Optimization
  • Payments Risk Management
  •  
  • To discuss how Glenbrook can
    help you
    , email us:

Glenbrook's Payments Education

  • Payments Boot Camps
  • Payments Essentials Webinars
  • Private Payments Workshops
  •  
  •  
  •  
  •  
  • For more information on Glenbrook's payments education, email us:

Tools for Payments Professionals

  • Glenbrook Writings
  • Payments News
  • Payments Views
  • Payments Jobs
  • Payments Education
  • Payments Bookstore
  •  
  • To send us news that you'd like us to cover on Payments News, email us:

Contacts:                        
Compilation Copyright © 2002 - 2014 Glenbrook Partners LLC. All Rights Reserved.
Terms of Use        Privacy Policy        RSS Feed        Payments News RSS Feed

Subscribe to Payments News   

Follow Payments News on Twitter for Real-Time Updates