Third-party vendors are becoming more involved in business operations as time progresses. One survey notes that 75% of businesses saw third-party access grow over the past two years. With this increase in reliance on third party vendors to streamline business processes comes an increase in risks that might lead to a data breach if the consumer information is mismanaged and exploited by opportunistic hackers. When the organization is handling consumer credit information, there is a need to take extra precautions to ensure that the data does not fall into the wrong hands. This can be a difficult task to accomplish for a single organization, but when accounting for a third-party vendor, it can be nearly impossible to do unless security protocols are initiated to reinforce the consumer credit data.
Blog
-

How to Acquire Level 1 EI3PA Certification
In March of 2008, 134 million credit cards and the underlying data were stolen by spyware installed on the Heartland data systems via an SQL injection. Prior to the security breach, Heartland was processing over 100,000,000 card transactions a month for nearly 200,000 small to mid-sized retailers. This breach remained undiscovered until over six months later, in January of 2009, when MasterCard and Visa alerted Heartland to suspicious activity and transactions. It was soon discovered that Heartland was out of compliance with the Payment Card Industry Data Security Standard (PCI DSS). As a result, they were not allowed to process card payments until they were found in compliance, which took six months; they were required to pay over $145,000,000 in compensation for fraudulent payments; and they lost thousands of customers due to their negligence. Now, Heartland is a company capable of weathering such a storm, but if you are a smaller online business, such a breach could wreck your company, and being found out of compliance can carry hefty fines.
-

What Are the Differences Between PCI DSS and EI3PA Requirements?
In 2018, certain industries are under the spotlight more than others, and service providers are being watched much more closely. One of the areas that seems to be under fire every week is the security of consumer information. For example, patients in the health care industry are protected with patients' rights under HIPAA laws. On the grander scheme, the world has gone futuristic and, unfortunately, that includes criminals. Whether it's Macy's, Sears or Saks Fifth Avenue, companies big and small have become targets for hackers. Regrettably, the data hacks of stores of any size affect all of us.
-

What is the Experian Independent 3rd Party Assessment (EI3PA)?
For a variety of financial service companies, dealing with the credit history of customers is part and parcel of doing business. Whether it's issuing a credit card or financing a small business, banks, lenders, and other service providers and institutions routinely utilize credit data from companies like Experian to make the most appropriate business decisions. But there's just one catch: financial institutions need to be careful (and compliant) in the way they handle the private credit history information that Experian shares with them.
-

Consequences of Non-compliance With CalOPPA
In 2003, California became the first state in the country to set robust strictures on the visibility of online consumer data. The California Online Privacy Protection Act, also known as CalOPPA, created regulations that required online websites and businesses to prominently display their Privacy Policy in regard to their users' data. This law aimed to protect online users' data and to inform them as to how their data might be tracked, mined, stored, trolled, sold, used, or shared. As of now, the posting of this notification is mandatory for any business or website that accrues personally identifiable information from California residents. CalOPPA states that a website must "conspicuously post its Privacy Policy on its Web site, or in the case of an operator of an online service, make that policy available." If you are an online business found in non-compliance, because you do not clearly convey to your customers what data you collect, how you collect it, and what you plan to do with it, there are potentially severe ramifications that could cripple your business.
-

California Privacy Policy: What is CalOPPA?
Established in 2003, the California Online Privacy Protection Act (CalOPPA) was the very first state law in the United States that required commercial and online websites to post their privacy policy to the general public. The goal of this act was to protect online users from having their data mined, stored, used, or sold without their knowledge or consent.
-

Tracking and monitoring all access to network resources and cardholder data (PCI DSS Reqs. 3, 7, 10)
Recent statistics have shown that 42% of consumers feel that credit cards are the safest payment option to protect cardholder data for their online purchases. With more consumers focusing on purchasing online rather than via brick-and-mortar retailers, online retailers must take extra care in monitoring their network resources as they pertain to cardholder data. Consumers are well within their rights to expect that their credit card transaction is secure once it has been processed. However, that expectation might fall short if the pathways that the payment company develops do not securely transmit their cardholder data once the transaction goes through. It is for this reason (and many others) that securing access to network resources is critical for any organization that processes and/or stores credit card payments.
-

Client Feature: MK Decision – The future of credit based decisioning
As compliance and cybersecurity providers, RSI Security has the opportunity to work with forward-thinking, innovative, and downright neat companies. This week, RSI Security has the pleasure of featuring our client: MK Decision, an up-and-coming startup company in the Financial Technology (FinTech) sphere. They are known for their Credit Card Origination System (CCOS), which they launched in May of 2018 and which recently secured them a spot in the Money20/20 USA Startup Academy. For those of you who may not know what CCOS or Money20/20 are, allow us to provide some insight.
-

5 things you need to know about how email encryption works
Whether it's for personal or business reasons, email has become an indispensable method of communication in the modern world (and has been for quite some time). But that's exactly why emails are some of the biggest targets for hackers and cybercriminals. And it's also why individuals, businesses, and all organizations are trying to send secure emails via enhanced email encryption.
-

Deploying Secure Systems and Applications (PCI DSS Req. 6)
The Payment Card Industry (PCI) is a coalition of credit card companies including American Express, Discover, MasterCard and Visa that is built on the backbone of 12 requirements specified in the PCI Data Security Standard (DSS). These requirements were implemented to ensure the continued financial safety of businesses and consumers alike. The number and severity of data breaches are constantly on the rise, and the PCI DSS requirements are there to provide organizations with the compliance framework they need to maintain a high level of network security.
