Data Breaches Preparedness (Credit Union Conference Session)


Has your credit union considered how member relations, legal compliance and brand reputation might be affected during a data breach? In this 2012 NAFCU Technology & Security Conference session recording you will learn about the risks of data breaches and how they could impact your credit union.

Published in: Economy & Finance, Business

  1. Data Breaches Preparedness – Practical Tips for Responding, presented by Christine El Eris, Product Director, Affinion Group. Proprietary & Confidential
  2. What is a Data Breach? A breach is defined as an event in which an individual’s name plus Social Security Number (SSN), driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format.
  3. Data Breaches Occur Every Day
     Breaches are a daily news item. Yet many organizations, their IT, data security and senior management teams still hope: “It won’t happen to us.” No matter how secure your web sites or data networks are, it may just be a matter of time before:
       – an employee loses a laptop containing critical data
       – a staffer clicks on a phishing link that launches malware or lets an attacker into the company network
       – a third-party supplier improperly handles your members’ data
       – a hacker takes advantage of a vulnerability or security weakness of a third-party vendor or supplier
  4. Organizational Risks
     All Sectors Are Vulnerable
       • Breached entities include Corporations, Healthcare, Government, Financial, Colleges & Universities
     Breaches Exposed More Data in 2011 than 2010
       • According to the Identity Theft Resource Center, there were 662 breaches in 2010 identified as of 12/29/2010 affecting over 16 million records
       • 2011 saw 414 reported incidents with nearly 23 million records impacted
       • Complexities of the crime continue to change
     Legislative Environment Increasingly Complex
       • Breach notification laws now in 46 states plus District of Columbia
       • Federal Trade Commission’s Red Flag rules
       • State AG expectations for post-breach response
       • Specter of federal regulation in the future
     Increased Consumer Expectations
       • Your members expect MORE than just a notification and credit monitoring when their personal data has been exposed
  5. Trends: Identity Theft
     Consumer Risks
       • Consumers whose data has been exposed as the result of a data breach are four times more likely to become victims of identity fraud
       • New account fraud has become significantly more complicated:
         – It takes more than 140 days to be detected
         – And requires more than 180 days to be resolved
         – And consumers incur more than $1,200 of out-of-pocket expense
     Source: 2011 Javelin Strategy & Research “Identity Fraud Survey Report”
  6. How to Respond to a Data Breach Incident
  7. What NOT to Do … a Lesson from Sony
  8. Immediate First Steps
     • Assemble your response team
       – Who should be involved? How will you manage resources?
     • Conduct a risk assessment
       – Who is affected? Do you need to notify customers/clients/patients whose data was impacted?
     • Comply with federal and state regulations
       – How can you avoid fines? Will there be an investigation?
       – How can you prepare for inevitable lawsuits?
       – 46 states and the District of Columbia mandate notifications to impacted individuals (based on residency of breached individuals, not the organization that lost the data or where the data resided)
       – Become familiar with state AG opinions on notifying consumers and providing post-incident remediation services
       – Pay attention to FTC’s guidelines
       – Keep your attorney included in all discussions related to the incident to protect attorney-client privilege
     • Set up a call center
       – What resources are required? How will you serve non-English speakers if applicable?
  9. Utilize Experts As Needed
     • Implement a public relations/brand management strategy to manage and repair your corporate reputation
     • Consider a trusted third party to manage the state-mandated notifications and provide post-incident identity protection and credit monitoring services
     • Consider a trusted third party to conduct forensic analysis – even if you know what occurred, it is best to outsource this function
     • Employ outside counsel who are experts on data privacy law to assist your in-house counsel
     • Consider pre-contracting for each of the above services
       – Saves time when an event occurs
       – Enables your organization to properly perform due diligence on each partner in advance and at your own pace
  10. How Can Affinion Security Center Help?
  11. Affinion Security Center History Identity theft market leader Comprehensive solutions 200 15 million #1 provider of identity theft configurations of benefits supported identities protected FCRA- and MAGIC- certified staff using well- services defined policies and 5 years fraud resolution 35+ years average tenure of our procedures $25+ million caseworkers invested in product 15 years development, servicing and testing of benefits in Next Gen Siebel CRM average tenure solutions empowering with automated workflow used for team leaders the last year alone consumers to prevent, for case management and detect and resolve fraud reporting Financially strong The largest multi-channel reach Scalable platform to True multi-channel $1.4 billion accommodate 18+ Million in 2010 revenue future growth customers offered reach through direct mail, breach remediation Cited by Inc. Magazine as one of the in-branch, online, solutions fastest growing private companies telephony Marketing in More than 24% 16 $164+ million increase in profitability countries around 1 billion in cash at year-end over the last 5 years unique contacts the world made annually
  12. Affinion’s Product Road Map – Identity Theft Solutions. Ability to Combat a Full-Spectrum of ID Fraud Issues Credit Monitoring with Public Records Evaluate ID Fraud Risks Real time activity alerts; the 3 bureaus credit & non-credit Credit Header, Proprietary “Deputize the Consumer” by Databases providing him or her meaningful, actionable alerts to evaluate if Peer-to-Peer File Exchange fraud is occurring to stop it fast. Networks Concept coined by: Internet Directories & Web Social Media Black Market Web and Children SSN Monitoring Underground Chat-Rooms
  13. ASC’s End-to-End Solution. Service Incident Notification ID Theft Ongoing Customer Enrollment Response List Services Drafting & Protection Support & Support Options Consulting Printing Services Reporting Proactive List hygiene Drafting Pre-enrollment Prevention Full File Standard or preparation breach FAQ Enrollment ‘a la carte’ Description De-duping Printing support Detection requests VRU/Call Center NCOA services Mailing Enrollment Resolution support Services* Online USPS compliance Post-enrollment USPS remediation Average timeline for all enrollment options being functional is 21 days from when ASC learns of a breach. The Affinion Difference Established best 20 individuals Highly scalable Proven scale to More than 15 Over 1 Billion Breach team practices dedicated to services to support 40 million million consumers unique contacts dedicated to leveraging limiting notification support 700 calls annually enrolled in ID theft annually through your account experience from costs million pieces of across 20 call protection today multiple channels, offering hundreds of mail annually centers including completely breaches dedicated VRU customizable Dedicated fraud enrollment reporting at no resolution additional specialists charge averaging 5 years tenure per case worker
  14. Case Study: Top 10 FI
     Impacted Population: 4.5 Million
     List Services: After a major consulting and auditing firm hired to do forensics on the 60+ impacted databases had already spent weeks working on record cleansing, BreachShield stepped in. Our team of database experts was able to scrub the files within 72 hours. Using our NCOA and de-duping capabilities, we reduced the mailing cost to 1/4 of the amount initially expected.
     Contact Center: To ensure an optimal customer experience and preserve SLA levels while managing increased call center volumes, Affinion Security Center (ASC) utilized both VRU and live agent options. 40% of callers opted for the VRU, minimizing the financial impact to the client.
     Positive results for the client:
       • Notification process was expedited
       • Proper list management and use of VRU saved the client over $1 million
  15. Case Study: Insurance Carrier
     Impacted Population: 500,000
     The Client Declined our Services: Instead, they simply mailed notification letters to the impacted population. Facing increasing media and legal pressures, the client later offered a referral to an optional ID theft protection service on their website and via their contact center. Less than a year later, the client faced a class-action lawsuit. A major settlement component was offering two years of ID theft protection service to the impacted population, with costs that were much greater than Affinion Security Center’s initial price quote.
     A proactive and thorough response plan would have:
       1) Protected their brand from negative PR
       2) Significantly reduced costs
       3) Provided a robust solution to the affected population
  16. Case Study: Entertainment Company
     Impacted Population: 50 Million
     Flexibility to Meet Diverse Needs: An entertainment company had a breach that affected more than 50 million individual customers. While the company was pre-contracted within the US with another provider, they found that provider inadequate for international needs. Starting from scratch, Affinion Security Center was able to create a solution for 10 million impacted users in less than 30 days.
     Positive Result for the Client: Media scrutiny was significantly lessened overseas.
  17. A Trusted Resource
     This publication includes:
       • Data breach facts and terms
       • Explanations of breach notification laws
       • Suggested incident response action plan
       • Sample customer notifications