Personally Identifiable Information – FTC: Identity theft is the most common consumer complaint
 


Retailers are liable for identity theft and can be subject to fines and criminal prosecution for breach. What consumer information is considered Personally Identifiable Information (PII)? What laws should retailers be aware of? What are the 6 General Mandates that affect every retailer? What can merchants do to secure their electronic payments systems and procedures?

    Presentation Transcript

    • Personally Identifiable Information (PII)
      Presentation by: Ross Federgreen*
      *Founder, CSRSI® THE PAYMENT ADVISORS
    • PII
      Covers a wide range of data elements which can be tied back to or represent a given individual and can be used to cause harm to the individual if used without proper authorization.
    • PII
      • Individual Name
      • Address
      • Telephone number
      • Social Security number
      • Driver License number
      • Date of Birth
      • Bank Account number
      • Credit and Debit card number
      • State Identification number
      • Passwords
    • PII
      • Regulation
      • ALL States
      • Federal
      • Civil and Criminal
    • PII
      Federal Information Security Laws
      Federal Trade Commission Act of 1914 (FTC Act) and FTC Standards for Safeguarding Customer Information (FTC Safeguards Rule) enacted in 2003.
    • PII
      Federal Information Security Laws
      • Federal Privacy Act
      • Federal Information Security Management Act
      • OMB Security Act
      • Veterans Affairs Information Security Act
      • Gramm-Leach-Bliley Act
      • Federal Trade Commission Act (FTC ACT)
      • Fair Credit Reporting Act
      • Hospital Insurance Portability and Accountability Act (HIPAA)
      • Public Company Accounting Reform and Investor Protection Act (Sarbanes-Oxley)
      • Family Educational Rights and Privacy Act (FERPA)
      • Drivers Advocacy Protection Act (DPPA)
      • Fair and Accurate Transaction Act (FACTA)
      • USA Patriot Act
    • PII
      Federal Information Security Laws
      Customer Identification Program Rules implementing Section 326 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act)
    • PII
      110th Congress-Data Security Bills
      Three bills were reported favorably out of Senate committees:
      • S.239 (Feinstein)
      • S.495 (Leahy)
      • S.1178 (Inouye)
      • Information and Data Breach Notification Requirements
      Other bills introduced
      S 806 (Pryor) S 1202 (Sessions) S 1260 (Carper) S 1558 (Coleman)
      HR 516 (Davis), HR 836 (Smith), HR 958 (Rush), HR 1307 (Wilson)
      HR 1685 (Price), HR 2124 (Davis)
    • PII
      As of January 2008, 39 states have enacted data security laws requiring entities to notify persons affected by security breaches and in some cases, to implement security programs to protect the security, confidentiality and integrity of data.
      Six states have introduced bills or enacted legislation to strengthen merchant security and/or hold companies liable for third-party companies' costs arising from data breaches.
      California
      Connecticut
      Illinois
      Massachusetts
      Minnesota
      Texas
    • PII
      Federal Trade Commission (FTC):
      Identity theft is the most common complaint from consumers in all 50 states.
      Represents between 35% and 40% of all complaints for the years 2005, 2006 and 2007
      In 2006 there were over 246,000 complaints filed.
    • PII
      Data Breaches
      Identity Theft
      Financial Crimes
      Credit Card Fraud
      Utilities Fraud
      Bank Fraud
      Mortgage Fraud
      Employment Related Fraud
      Government Documents Fraud
      Benefits Fraud
      Loan Fraud
      Health Care Fraud
    • PII
      Public concerns with Identity Theft:
      Security of sensitive information
      Security of computer systems
      Federal laws protecting
      Adequacy of enforcement
    • PII
      LIABILITY FOR Identity Theft:
      Retailers
      Credit Card Issuers
      Payment Processors
      Banks
      Data Processors
    • PII
      CRIMINAL PROSECUTION
      FAILURE TO REPORT
      UNAUTHORIZED POSSESSION
      UNAUTHORIZED ACCESS
      FAILURE TO SAFEGUARD
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      LIFE IS GOOD.com
      Being embraced as a minimum standard for operating entities to comply with on a going-forward basis
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      “COMPREHENSIVE INFORMATION-SECURITY PROGRAM”
      Includes administrative, technical and physical safeguards tailored to the size of the commercial entity, the nature of its activities and the sensitivity of the personal information collected.
      SIX GENERAL MANDATES
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      Mandates:
      Designation of an employee or employees to coordinate the information security program.
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      Mandates:
      Identification of internal and external risks to the security and confidentiality of personal information and assessment of the safeguards already in place.
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      Mandates:
      Creation and implementation of safeguards to control the risks identified in the risk assessment.
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      Mandates:
      Monitoring the safeguard effectiveness
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      Mandates:
      Development of reasonable steps to select and oversee service providers that handle personal information
    • PII
      Federal Trade Commission
      CONSENT DECREE JANUARY 2008
      Mandates:
      Evaluation and adjustment of the program to reflect results of monitoring, material changes to the company's operations or other circumstances that may affect program efficiency.
    • PII
      VISA CISP BULLETIN MAY 14, 2007
      LEVEL 4 MERCHANT COMPLIANCE PROGRAM REQUIREMENTS
      TIMELINE OF CRITICAL EVENTS
      RISK-PROFILING STRATEGY
      MERCHANT EDUCATION STRATEGY
      COMPLIANCE STRATEGY
      COMPLIANCE REPORTING
    • PII
      CONCLUSION:
      PCI DSS IS A SUBSET OF PII REGULATION
      SIMPLY ASKING A MERCHANT TO ANSWER THE PCI DSS SAQ WITHOUT TRUE EDUCATION, RISK ANALYSIS AND FOLLOW-UP MONITORING FAILS TO MEET THE STANDARD
      REGULATION, RISK AND LIABILITY WILL ONLY INCREASE IN THE CURRENT ENVIRONMENT
    • Review Articles
      Federgreen, R; The facts on FACTA; The Green Sheet; 8:06:01; 2008
      Federgreen, R; PCI DSS and HIPAA- The security standards share common ground. Transaction Trends; 2007
      Federgreen, R; PCI Eye to eye with federal law; The Green Sheet; 7:07:02; 2007
      VISA.COM/CISP
    • QUESTIONS ?
      CSRSI.COM
      PCITOOLKIT.COM
      Rfedergreen@csrsi.com
      866 462 7774 ext 1