The House Subcommittee on Commerce, Manufacturing and Trade heard from Sony and Epsilon about breaches that adversely affected consumer information. Both companies support a national data security and breach notification law.
Organizations looking to improve their privacy management in the event of a breach "have to continually plan and prepare," says Nationwide's Chief Privacy Officer Kirk Herath. That means putting into writing a comprehensive plan.
A July trial date has been set for a pay-at-the-pump skimming scheme that allegedly led to the theft of more than $150,000 from six Hawaii financial institutions, highlighting the growing fraud vulnerability of self-service card payments.
Kirk Herath, Chief Privacy Officer at Nationwide Insurance Companies, has been in privacy management for more than a decade, and he has two main concerns about today's enterprise: Mobile technology and cloud computing.
ThreatMetrix's Taussig says strong authentication should be part of every financial institution's layered security approach. And according to expected changes to the Federal Financial Institutions Examination Council's 2005 online authentication guidance, that means proven measures to enhance device identification.
A silver lining is emerging behind the rash of breaches that occur all too regularly. The fact that these breaches make the public more aware of the vulnerabilities is encouraging in efforts to make the Internet safer for all.
Wire fraud incidents from China prove current security measures, including multifactor authentication, are too easy to bypass. And security pundits say it all points back to why the financial industry needs more guidance about adequate online security.
Sony Corp.'s announcement that hackers may have accessed data on 77 million gamers follows a long line of recent breaches. And Neal O'Farrell of the Identity Theft Council says the string of incidents has led to consumer 'breach fatigue.'
Four years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
While the cause of the Epsilon e-mail breach has not been publicly disclosed, the incident's aftermath has seen a growing list of organizations impacted by the breach. It also has ignited a new debate about the sensitivity of e-mail addresses.