Group items tagged

Chase Bank has sent out data breach notification letters to an undisclosed number of customers after a computer tape with customers' personal information was reported missing from a third-party vendor's storage facility. Tom Kelly, spokesperson for New York-based Chase, the commercial/consumer banking arm of financial giant JPMorgan Chase, says the vendor -- which he would not name -- confirmed it received and maintained the tape, and that its offsite facility had been searched thoroughly after the tape disappeared. Kelly would not say if the data on the tape was encrypted, but says its data can be read only with special equipment and software. "We have no evidence to indicate any of the information has been viewed or used inappropriately," Kelly says. A local ABC News station in Louisville, KY first reported the missing data tape and the notification letters being sent in August. Kelly says the notification letters are being sent out in batches, but would not say how long the tape has been missing, nor what type of customers' information (credit or banking) was on the tape. The electronic files, according to the notification letter, may have included names, addresses and Social Security numbers, but did not include any banking or financial information. Affected customers are being offered a free one-year subscription to the bank's identity protection program, Kelly says. For more information on 2009 data breaches involving financial institutions, see this interactive timeline

There is an old axiom in marketing circles that it costs more money to acquire new customers than to retain and service your old ones. In this precarious financial environment, the focus for many companies is now on keeping the existing customers satisfied, rather than worrying only about adding new ones to the fold. Since the business environment has slowed for now, showing your clients additional "value added" services rather than simply a lower price, for example, will be critical. Companies should be taking an introspective look for differentiating factors in the areas of security and privacy "value," and how they can leverage what they uncover - a competitive advantage. How can an organization best position their privacy and security programs to be used as a competitive advantage? First, of course, you need to ensure that your privacy and security program is robust, well-tested, formally documented and meets or exceeds whatever legislation that your company is subject to or regulated against. It is also important to give your customers a point of reference about the validity of your programs so they easily translate the value into a currency they recognize. Further, you should take advantage of any other internal and external audits, assessments and oversights that you can reasonably share with external parties by crafting the results of these documents as a consumable for external parties. It has been my experience that clients, especially their security teams, really appreciate this effort. Another innovative way to deliver a competitive advantage today is in the realm of vendor management. This discipline is quickly becoming an increasingly high-profile topic of discussion and interest between clients, customers and their service providers. The onus is on you anyway to demonstrate oversight of your third-party service provider(s). This is where you should also have the "value add" conversation and validate why your clients placed their trus

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Federal regulators slapped hundreds of small telecommunications providers for not abiding by new rules designed to protect consumer phone records, proposing more than $13 million in total fines. The Federal Communications Commission proposed $20,000 fines on more than 650 small phone, pager and wireless providers Tuesday, accusing them of not filing paperwork that certifies they have put protections in place to protect customer phone data. "I have long stressed the importance of protecting the sensitive information that telecommunications carriers collect about their customers," said Michael Copps, the FCC's interim chairman, in a statement. "The broad nature of this enforcement action hopefully will ensure substantial compliance with our [privacy] rules going forward as the Commission continues to make consumer privacy protection a top priority." In April 2007, the FCC tightened privacy requirements on phone companies in response to consumer complaints about data brokers selling phone records they had obtained illegally through "pretexting," or getting information under false circumstances. The agency required telecom companies to increase security of phone records, requiring customers to provide a password before receiving account information over the phone or online. Phone companies are required to notify customers when changes are made to their accounts or if their information has been improperly accessed. Companies are required to file annual certifications that they have complied with those requirements. The FCC said hundreds of small companies didn't provide the information in 2008, although it noted it was the first year the agency had required the paperwork. The agency warned that future noncompliance could face "more severe penalties."

Now that behavioral targeting has become more pervasive (and more effective), it is being talked about not only by publishers and advertisers, but also by privacy advocates -- organizations like the NAI and IAB and, in Washington, the FTC. At issue is if BT players are doing enough to disclosure to consumers how BT works and offering them the opportunity to opt out of being tracked by BT vendors and publishers. There has been much discussion about how to regulate behavioral marketers; but no solution that satisfies everyone. The BT industry so far has contended that website privacy policies are sufficient disclosure since many of them contain links to opts out opportunities like the NAI site. Google and Bluekai have announced 'preference pages' or registries that allow Web users to say what type of BT they are interested in receiving. But, the other, more common option is to put that information in the Privacy Policy of the site. But the problem with that is that no matter where disclosures are placed on the service provider's site, most people won't ever see them. How will a customer visiting Retail SiteX know that Company Y is going to use their browsing behavior to later display relevant ads to them as they surf the Web on Network Z? The average customer won't. The only way a customer will know what forms of BT advertisers are using is if the advertisers themselves tell them. I think that it's time for advertisers to step up in this privacy debate. Thus far the pressure for disclosure has been placed on networks, behavioral marketing providers and publishers. The key players in those industries have done a good job of becoming more transparent (though there is still work ahead of us), while advertisers haven't been asked to do anything. Advertisers are clearly benefiting from behavioral marketing, and its time they disclosed what type of behavioral marketing they participate in, and allow customers to opt-out. How they do this is open for discussion: Tag each

More than 6 million current and former customers of online brokerage TD Ameritrade Holding Corp. will be able to benefit from the settlement of a class-action lawsuit filed over the theft of client contact information. Formal notice of a settlement agreement will be sent to people who used TD Ameritrade's services before mid-September 2007. U.S. District Judge Vaughn Walker in San Francisco approved a revised version of the settlement agreement earlier this month despite some misgivings about it. Last summer, Walker rejected an earlier version of the deal. Anyone who held an Ameritrade account or provided an e-mail address to the company before Sept. 14, 2007, could benefit from the lawsuit. The database that was breached included information on 6.2 million people. The plaintiffs in the lawsuit said they received unwanted e-mail ads about certain stocks. The ads appeared to be designed to manipulate the value of thinly traded stocks. Ameritrade officials and one of the lead plaintiff's attorneys, Scott Kamber, have said the data theft has not been linked to cases of identity theft. As part of the proposed settlement, the Omaha-based company will pay nearly $1.9 million in legal fees and cover the cost of one year of anti-spam service for the victims. Ameritrade also promised to better protect customer data. Those terms have not changed from the original proposed settlement. But the new agreement will more clearly state that Ameritrade customers were at risk of identity theft, and it will preserve customers' ability to pursue identity theft claims against Ameritrade. Most of the changes to the agreement happened because the Texas Attorney General's Office and a former named plaintiff objected to the previous deal. In his order, the judge questioned whether the settlement does enough to benefit Ameritrade clients whose information was stolen. "The court is particularly concerned that TD Ameritrade has agreed to pay the class counsel $1.87 million and yet the

I. INTRODUCTION The globalization revolution is undeniably well underway. Some of the primary leaders of the revolution are the off-shoring outsourcers of the world in search of readily available talent at prices below what is available in the traditional geographical outsourcing centers. Certainly, U.S. companies seeking information technology resources--as well as those looking for human resources to support the ever-growing customer care requirements of their business--are at the forefront of the movement. Some of those companies are seeking their own solutions, but many have turned to business process outsourcing companies for assistance. Business process outsourcing is, generally speaking, the contracting of a specific business task to a third party service provider. Processes that are best suited to be outsourced are those that a company requires but does not depend upon to maintain its position in the marketplace. There are two primary categories of business process outsourcing. One category is commonly referred to as "back office outsourcing" which includes internal business functions such as billing or purchasing. The other category is commonly referred to as "front office outsourcing" which includes customer-related services such as marketing, customer contact management, and technical support. The globalization of business in general has resulted in the need for companies to be able to provide support to their customers in many different languages. At the same time, developments in technology have provided the ability for business process outsourcers to provide a cost effective global delivery platform. The convergence of the need for a portfolio of services to be sourced globally with the ability of business process outsourcers to do so on a cost effective basis has driven the outsourcers to geographic locations previously ignored by most business sectors. By many estimates, there are currently off-shore outsourcing vendors in more than 175 different

Paul Greenberg explains it this way in CRM at the Speed of Light, Fourth Edition: Social CRM 2.0 Strategies, Tools, and Techniques for Engaging Your Customers "It is a revolution in how we communicate, not how we do business....We are now living in the era of the social customer.

The traditional

"A Texas bank is suing a customer hit by an $800,000 cybertheft incident in a case that could test the extent to which customers should be held responsible for protecting their online accounts from compromises. The incident, which was first reported by blogger Brian Krebs this week, involves Lubbock-based PlainsCapital bank and its customer Hillary Machinery Inc. of Plano. In November, unknown attackers based in Romania and Italy initiated a series of unauthorized wire transfers from Hillary's bank accounts and depleted it by $801,495. About $600,000 of the amount was later recovered by PlainsCapital. Hillary demanded that the bank repay it the rest of the stolen money. In a letter to the bank in December, Hillary claimed that the theft happened only because PlainsCapital had failed to implement adequate security measures. PlainsCapital promptly filed a lawsuit in the U.S. District Court for the Eastern District of Texas asking the court to certify that its security procedures were "commercially reasonable." In its complaint, the bank noted that it had made every effort to recover the stolen money."

Bank sues theft victim in pre-emptive strike

"The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday. The company confirmed Monday in a blog post that several thousand Windows Live customers had their usernames and passwords exposed on a third-party site over the weekend. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," the post said. "As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts." Windows Live IDs let users gain entry into Hotmail, Messenger, Xbox LIVE, according to Microsoft. The usernames and passwords that were leaked may also be used for other Microsoft services, including the company's web-based Office program and the Skydrive online storage service. News of the breach spread early Monday, but it was unclear how the credentials were originally obtained."

Data security represents both a new market opportunity to sell insurance coverage and a new risk - especially for independent insurance agencies that may not be compliant with data security laws or have plans in place to protect their own companies from data breaches. While data security is an evolving issue, failing to protect data can have a huge financial impact on a company. The average total per-incident cost of a data security breach was $6.65 million, compared to an average per-incident cost of $6.3 million in 2007, according to the "U.S. Cost of Data Breach Study" conducted by data protection company PGP Corp. and information management research firm The Ponemon Institute. The PGP/Ponemon study indicated that data breach incidents cost U.S. companies $202 per compromised customer record in 2008, meaning that companies incur additional costs with an abnormal churn in lost customers. More than 84 percent of data breach cases in 2008 involved organizations that had more than one data breach. And, more than 88 percent of all cases in the study involved insider negligence. The cost of lost business continued to be the most costly effect of a breach, averaging $4.59 million or $139 per record compromised. Lost business now accounts for 69 percent of data breach costs, up from 65 percent in 2007, compared to 54 percent in the 2006 study. "After four years of conducting this study, one thing remains constant: U.S. businesses continue to pay dearly for having a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. "As costs only continue to rise, companies must remain on guard or face losing valuable customers in this unpredictable economy." Includes video: Data Security Creating Insurance Agent Sales Opportunities

A consumer reporting agency that failed to properly screen prospective customers and, as a result, sold at least 318 credit reports to identity thieves, has agreed to settle Federal Trade Commission charges that it violated federal law. Under the settlement, the company and its principal must ensure that they provide credit reports only to legitimate businesses for lawful purposes, use a comprehensive information security program, and obtain independent audits every other year for 20 years. The settlement also imposes a $500,000 penalty but suspends payment due to the defendants' inability to pay. According to the FTC, the defendants use sensitive financial data from other consumer reporting agencies to create reports that landlords use to assess potential renters. These reports contain consumers' names, Social Security numbers, birth dates, bank and credit card account numbers, credit histories, and other personal information. The Commission alleges that the company failed to properly screen new customers. The company allegedly requested only publicly-available information from applicants seeking credit reports, and it did not request supporting documentation to establish that an applicant was actually a landlord renting property. As a result, identity thieves posing as property owners were given an account with unlimited online access to credit reports, and the account was used to access at least 318 reports containing sensitive personal information. The FTC charged the defendants with violating the Fair Credit Reporting Act (FCRA) by furnishing credit reports to persons who did not have a permissible purpose to obtain them, and by failing to maintain reasonable procedures to prevent such impermissible disclosures and to verify their customers' identities and how they intended to use the information. The agency also charged them with violating the FTC Act by failing to employ reasonable and appropriate security measures to protect sensitive consumer inform

With Twitter firmly established as the "conversation place to be," marketers are beginning to look for where they fit in. And that means tools. For the uninitiated, Twitter is a service that lets individuals exchange 140-character messages-via computer or mobile device-with groups of "followers." The result is a fast-and-loose, multidimensional conversation that falls somewhere in between blogging and text messaging, happening in real time between millions of users around the world. Luckily, the Web interface for Twitter.com is just the start of many ways to interact with and glean intelligence from Twitter conversations. There is big potential value for tapping into the Twitter-stream for insights into what customers are saying about your company's brand and its market. "Millions are leaning on Twitter pretty hard as a way to network and communicate with contacts new and old," said John Jatsch, a social marketing expert and operator of Duct Tape Marketing. He added that marketers have many options for how to use Twitter, including connecting with customers, monitoring conversations and testing new ideas. To use Twitter to its fullest, b-to-b marketers should consider using the following handful of tools and services: ??Twitter clients. It doesn't take long for most Twitter users to move beyond using Twitter.com to post and monitor their posts or "tweets." There are much more powerful tools at your disposal for reading, filtering, searching and posting to Twitter.com. The list of Twitter clients includes popular Mac client Twitterific; Adobe Air-based clients such as Twhirl, Tweetr and Spaz; Firefox add-ons like Twitterfox and TwitBin; and software that lets you track multiple social engines-such as Facebook, FriendFeed and even instant messaging as well as Twitter-like Digsby and AlertThingy. A new client receiving a lot of buzz is TweetDeck, which features a huge but customizable user interface that makes it easier to track posts, re

A recent data breach study commissioned by the state of Maine sheds light on the losses banks experienced as a result of the data breaches at TJX and Hannaford Brother's supermarkets. The state's banks said they incurred $2.1 million in expenses related to data breaches since January 1, 2007. The Hannaford breach had the largest impact, affecting 71 financial institutions and incurring $1.6 million in expenses according to the Maine Data Breach Study. Hannaford is based in Scarborough, Maine. The TJX breach accounted for $485,000 in expenses. The report was issued by the Main Bureau of Financial Institutions in November 2008. It studied the impact of data security breaches on Maine banks and credit unions. Fifty credit unions and 25 banks headquartered in Maine responded to the survey. Financial institutions reported more than 18 million records breached last year, according to the Identity Theft Research Center. The San Diego-based nonprofit found that data breach reports across five industry sectors jumped to 656 last year, up 47% from 2007. About 12% of the reports came from financial-services firms, up from 7% in 2007. In Maine, the Hannaford breach resulted in more than $318,000 in gross fraud losses, according to data reported by 22 financial institutions. More than 700 accounts were used to buy items fraudulently, although five of the 22 institutions that suffered a fraud loss did not report the number of accounts, according to the report. The Hannaford breach cost some banks as much as $58,000 to reissue credit cards to customers. Investigation expenses cost nearly $30,000 for some banks. Communication to customers cost nearly $28,000, some banks and credit unions reported. Fraud losses of nearly $45,000 were tied to the TJX data breach. The losses were reported by six financial institutions. The expenses for reissuing credit cards cost some banks as much as $32,000. Investigation expenses were as high as $21,000 for some banks. Communication to custom

It's funny. Was it just a month ago that we were enjoying the holiday respite, wondering what 2009 would have in store for us? Mind you, I didn't have any delusions. After the breaches, news events and regulatory issues of 2008, I didn't think we were going to turn the calendar page and emerge in a new world of a healthy economy and soaring consumer confidence. But neither did I think, four weeks later, we'd already have our first major security breach of the year - Heartland Payment Systems (HPY) and that it would so dominate our industry's attention. I get it, though, why we're so enamored of this case. It speaks to our biggest fears, first of all, that unknown electronic assailants can sneak into our systems and pry away our customers' names and critical information. Then there's the unknown enormity - we truly don't know how big this breach was. And, finally, it hits home. For you, the banking institution, you're the one left replacing your customers' cards and explaining why. For me, the banking customer ... well, mine is one of the banks doing the explaining. Needless to say, we're monitoring accounts closely. So, we were among the first to break the Heartland story when it first broke last Tuesday, and we've continued to follow it closely. After the initial media surge, where we saw news outlets and solutions providers tripping over one another to opine over what they think happened to Heartland and what it all means, here is what I believe we've learned so far from the case: 1) The Damage Goes Far Beyond the Breach. Heartland execs absolutely did the right thing by stepping forward last week and saying "We were breached," but the company has suffered for it ever since. The market responded to the news by gutting the company's value from over $14 per share last Tuesday to a low of just under $8 this week. Reputationally, you just can't measure the damage - Heartland is now synonymous with "breach," and that's a tough tag to shake. Unable to answer quest

Customers of CVS' pharmacy will be able to import their prescription records into a Google Health account as a result of an expanded deal between the two companies. The deal was announced Monday. An earlier deal already allowed workers whose company uses CVS Caremark to handle drug benefits to use Google Health to store their drug records. The new deal expands this to customers of CVS' network of retail pharmacies. "We now offer all of our consumers the ability to download their prescription and medication history into their Google Health Personal Health Record, whether they are CVS/pharmacy customers, CVS Caremark plan participants or visitors to our MinuteClinic locations," said CVS Caremark Executive Vice President Helena Foulkes in a statement. "By enabling patients to download their prescription information directly into their personal health record, we are helping to close the gap in today's fragmented health care system and provide a full view of a patient's health." To use the tool, the companies said, consumers need to sign up for the prescription management feature on CVS.com as well as be authenticated. With the latest deal, Google said it now believes more than 100 million Americans will have the option of viewing their drug history within Google Health. Microsoft, which is also trying to sign consumers up for its HealthVault service, announced a deal with New York-Presbyterian Hospital on Sunday which will allow patients of that hospital system to export their records to a HealthVault account.

The new Obama Administration and a stronger Democratic party control of Congress set in the midst of a struggling economy and foreign policy issues, has created an interesting environment for legislation and regulations affecting customer interactions both federally and at state levels. While contact center-and-direct marketing-affecting issues such as offshoring, privacy, and telemarketing may haven been pushed offstage, they are not out of the hall. Ironically, economic pressures may shove them back into the spotlight as governments, especially states, seek ways to keep jobs and revenue sources, which contact centers provide. Federal Legislation Here is an examination of federal industry issues that lawmakers and regulators are and may be addressing in 2009: * Offshoring Federal lawmakers may reintroduce a bill similar to HR 1776, The Call Center Consumer's Right to Know Act, which would require contact center agents to disclose the physical location of such employee at the beginning of inbound and outbound calls. Firms would also have to annually certify to the Federal Trade Commission (FTC (News - Alert)) their compliance with such requirement. HR 1776 is an attempt to restrict offshoring by making customers aware that their calls may be going to or originating out of country. The bill's supporters hope customers and negative publicity would pressure firms to bring such jobs back to the U.S. The downsides are that such bills may significantly add to contact center costs in both onshoring and time spent location disclosing and in compliance, which would ultimately be paid for by consumers. In doing so bills like it that hike contact center expenses may also be self-defeating as they may result in fewer domestic jobs. "The particular type of disclosure contemplated by HR 1776 is a burdensome additional disclosure without clear benefit to the consumer," American Teleservices Association (ATA) CEO Tim Searcy told the House Energy and Commerce subcom

Promoting Privacy And Free Speech Is Good Business This Guide will help you make smart, proactive decisions about privacy and free speech so you can protect your customers' rights while bolstering the bottom line. Failing to take privacy and free speech into proper account can easily lead to negative press, government investigations and fines, costly lawsuits, and loss of customers and business partners. By making privacy and free speech a priority when developing a new product or business plan, your company can save time and money while enhancing its reputation and building customer loyalty and trust.

A list of user names and passwords for customers of Comcast, one of the nation's largest Internet service providers, sat unprotected on the Web for the last two months. The list was 8,000 lines long, but Comcast said late Monday that just 700 of those lines contained information for active customer accounts. Kevin Andreyo, an educational technology specialist in Reading, Pa., and a professor at Wilkes University, came across the list Monday on Scribd, a document-sharing Web site. Mr. Andreyo was reading a recent article in PC World entitled "People Search Engines: They Know Your Dark Secrets… And Tell Anyone," when he was inspired to find out what information about him was online. He searched for his own e-mail address on the search engine Pipl. The list on Scribd was one of four results, and it also included his password, which was a riff on his love for a local sports team. Statistics on Scribd indicated that the list, which was uploaded by someone with the user name vuthanhan2004, had been viewed over 345 times and had been downloaded 27 times.

Free Social Media Screening Ever wondered if you actually have customers on social networks? Try Rapleaf's free social media screening. We'll take a look at your customer base and tell you some basic information about whether or not you have customers on social networks. The Rapleaf Social Media Screening will tell you the following: * Percentages of your consumers that are active on sites * Gender breakdown of your consumers * Friend counts of your consumers Rapleaf's social media screening is a great way to get your feet wet in social media. It's also an easy tool to help you understand whether or not to conduct deeper research on your consumers across the social web by acquiring a full Rapleaf Report To get started, fill out the form to the right and submit a few test consumer emails to our system.

On Friday, Brunswick, Maine-based heating and hardware firm Downeast Energy & Building Supply sent a letter notifying at least 850 customers that the company had suffered a data breach. Downeast sent the notice after discovering that hackers had broken in and stolen more than $200,000 from the company's online bank account. The attack on Downeast Energy bears all the hallmarks of online thieves who have stolen millions from dozens of other businesses, schools and counties over the past several months. In every case, the thieves appeared more interested in quick cash than in pilfering their victims' customer databases. Nevertheless, the intrusions highlight an additional cost for victims of this type of crime: complying with state data breach notification laws. "This is something new to us, fortunately, but we have responsibilities under Maine statute to report these things to our customers and employees," said the company's president, John Peters, in an interview with Security Fix. At least 44 other states and the District of Columbia have similar data breach notification laws. Sometime prior to September, attackers planted keystroke logging malware on Downeast's computer systems, and stole the credentials the company uses to manage its bank accounts online. Then, on or around Sept. 2, the hackers used that access to initiate a series of sub-$10,000 money transfers out of the company's account to at least 20 individuals around the United States who had no prior business with Downeast Energy. This type of crime is impossible without the cooperation of so-called "money mules," willing or unwitting individuals typically hired via Internet job search Web sites to act as "local agents" or "financial agents" responsible for moving money on behalf of a generic-sounding international corporation, legal experts say.The mules are then instructed to withdraw the cash and wire it via Western Union or Moneygram to fraud gangs overseas, typically in Eastern Europe.