Banking and financial systems often go unnoticed by the general public despite the fact that they support daily tasks. The US government even classifies financial systems under critical infrastructure. With both America and European countries relying heavily on technology, they have attempted to keep pace with new banking cybersecurity regulations. Ever wondered about the differences in cybersecurity regulations of banking in Europe vs. the US? Read on to find out now.
EI3PA
Last year, 56% of organizations were hit by a breach caused by one of their third-party vendors. Let that sink in for a moment.
56%.
What has been the cause for the uptick in third-party breaches lately? Supply chain attacks. These coordinated, front-line network assaults can be difficult for businesses to tackle internally. When you’re also working with third-party vendors that are utilizing your network, maintaining a high security posture during operating hours (which for some may end up being 24/7) can be near impossible. Unless these third-party vendors operate entirely under the same roof or network as your business, you won’t have the same level of control over credit-based compliance efforts as you would with your own internal operations. This lack of consistent control over credit-based compliance can leave your company in a tailspin after being hit by a devastating supply chain attack.
Third-party vendors are becoming more involved in business operations as time progresses. One survey notes that 75% of businesses saw third-party access grow over the past two years. With this increase in reliance on third-party vendors to streamline business processes comes an increase in risks that might lead to a data breach if the consumer information is mismanaged and exploited by opportunistic hackers. When the organization is handling consumer credit information, there is a need to take extra precautions to ensure that the data does not fall into the wrong hands. This can be a difficult task to accomplish for a single organization, but when accounting for a third-party vendor, it can be nearly impossible to do unless security protocols are initiated to reinforce the consumer credit data.
In March of 2008, 134 million credit cards and the underlying data were stolen by spyware installed on the Heartland data systems via an SQL injection. Prior to the security breach, Heartland was processing over 100,000,000 card transactions a month for nearly 200,000 small to mid-sized retailers. This breach remained undiscovered until over six months later in January of 2009 when MasterCard and Visa alerted Heartland of suspicious activity and transactions. It was soon discovered that Heartland was out of compliance with the Payment Card Industry Data Security Standard (PCI DSS). As a result, they were not allowed to process card payments until they were found in compliance, which took six months; they were required to pay over $145,000,000 in compensation for fraudulent payments; and they lost thousands of customers due to their negligence. Now, Heartland is a company capable of weathering such a storm, but if you are a smaller online business, such a breach could wreck your company, and being found out of compliance can carry hefty fines.
What Are the Differences Between PCI DSS and EI3PA Requirements?
In 2018, certain industries are under the spotlight more than others, and service providers are being watched much more closely. One of the areas that seems to be under fire every week is the security of consumer information. For example, patients in the health care industry are protected with patients’ rights under HIPAA laws. On the grander scheme, the world has gone futuristic and, unfortunately, that includes criminals. Whether it’s Macy’s, Sears or Saks Fifth Avenue, companies big and small have become targets for hackers. Regrettably, the data hacks of stores of any size affect all of us.
What is the Experian Independent 3rd Party Assessment (EI3PA)?
For a variety of financial service companies, dealing with the credit history of customers is part and parcel of doing business. Whether it’s issuing a credit card or financing a small business, banks, lenders, and other service providers and institutions routinely utilize credit data from companies like Experian to make the most appropriate business decisions. But there’s just one catch – financial institutions need to be careful (and compliant) in the way they handle private credit history information that’s shared with them from Experian data.