Group items tagged

Two Philadelphia law firms have filed class action suits on behalf of all cardholders in the U.S. who had their credit or debit card data stolen in the Heartland Payment System (HPY) data breach. This brings to three the total number of class action lawsuits filed against the Princeton, NJ-based payments processor. The law firm of Berger & Montague filed a class action suit in the U.S. District Court for the District of New Jersey, alleging Heartland's failure to safeguard cardholder data when the company's computer systems were hacked and cardholder data was stolen. Heartland says last year it processed 100 million card transactions per month, but an unknown number of cards were impacted by the breach. The law firm says fraudulent activity has occurred on some of those cards. The law firm alleges that Heartland's security measures and intrusion detection systems were inadequate. "Because of Heartland's inadequate data security, cardholders have had their card information compromised, have been exposed to the risk of fraud, have spent and will spend time to monitor their accounts and dispute fraudulent charges, and have suffered other economic damages," the law firm says in its statement regarding the suit. Berger & Montague were also co-lead counsel in the consumer class action suit brought against TJX Companies, which resulted in a $200 million settlement. The third class action lawsuit filed in February against Heartland comes from Sheller P.C. of Philadelphia, PA. Sheller's suit against Heartland has similar charges against the payment processor. Sheller P.C. also filed its class action lawsuit in the U.S. District Court for the District of New Jersey. Sheller P.C. has also filed a consumer class action suit against RBS WorldPay for its security breach that was made public on Dec. 23, 2008. Previously, Chimicles & Tilellis LLP of Haverford, PA filed suit in the U.S. District Court for the District of New Jersey on behalf of Woodbury, MN resident Alicia Co

Two firms certified to asses a company's compliance with the Payment Card Industry Data Security Standards (PCI DSS) have been placed under remediation by the PCI Security Standards Council. Two firms certified to asses a company's compliance with the Payment Card Industry Data Security Standards (PCI DSS) have been placed under remediation by the PCI Security Standards Council. "We have a contractual relationship with the PCI Security Standards Council and they can pull our certification at any time," Bates said, adding that the firm is working wholeheartedly to remedy the situation. Chris Konrad, senior vice president of client services at Fortrex, did not return a phone call seeking comment. Fortrex's business is U.S-based. The company is in its sixth year assessing service providers and merchants. In addition to being certified to conduct payment application quality security assessments, the firm sells risk management consulting services. It is a reseller in security vendor Qualys Inc.'s PCI Partner Program, according to the company website. Qualys said its "program gives partners generous margins based on their level of certification." The PCI Council launched its quality assurance program for assessors in September to address growing concerns from merchants about the quality of their assessments and other issues. Merchants have complained that some QSAs don't appear to have the technical skills necessary to conduct a thorough assessment. Other merchants have raised issues with QSA's pitching security products during the assessment process. Merchants that receive negative feedback are placed on probation and a revocation process is in place if assessors do not address the issues identified by the council.

Even as the Canadian government is fighting against "Buy American" policies that discriminate against Canadian firms, the federal government appears to be quietly continuing with policies that effectively block U.S. firms from winning some kinds of federal contracts. Case in point: a contract worth $150 million to help relocate nearly more than 18,000 public servants every year was awarded to the only Canadian bidder in mid-August. American firms were interested in the contract but say they were essentially blocked from the bidding because of a provision that personal information about Canadians cannot be stored on computerized databases outside of Canada. Canada Post, a Crown corporation, is about to award its own multimillion-dollar relocation services contract and it, too, has effectively blocked U.S. companies from bidding with a requirement that personal information be stored only on computers in Canada.

Emily Riley of Forrester Research presented a lot of data during her keynote presentation at today's OMMA Behavioral Conference but one point she made seemed rather salient to me: many of those marketers and data firms involved in behavioral targeting seem to skip over social media as a source of information. They might look at the data surrounding the usage of those sites but they seem to rarely do any actually monitoring, let alone interacting there. It reminded me of an experience I had with my wife. We once lived in a building where we didn't have much interaction with our neighbors, very little beyond an occasional wave in the hallway. We could, however see their mail mixed with ours and our landlord's. My wife began to notice that the landlord and our neighbor were starting to get similar envelopes from law firms. I, being the incurious mail sorter I am, didn't really think much of it. She, on the other hand, was convinced that one of them must be suing the other and was able to spin out some fairly detailed scenarios based on other clues from the hallway, the presence of exterminators one day, the thickness of paint on the front door etc. One day I encountered our neighbor in the hallway and did my customary wave. "Oh by the way," He said, "We're moving out next week." Oh really? He then regaled me with the entire story which involved a variety of things including an exterminator, paint thickness, and law firms. My wife and I were both able to glean essentially the same information. However if I had approached him and said, without any warning, "I bet you and our landlord are having one heckuva legal squabble," he probably would have punched me in the nose. I also believe that the ease with which I was able to get the whole story out of him suggests that had we interacted more it would have been I scooping my wife and not the other way around. These two approaches to gathering information are akin to the difference between following

Will monetary value increase the value of user's data on social networks?

Facebook and Twitter have helped make social networking a household word. Now they need to make money. Efforts to monetize the popular Internet services are increasingly a priority within the two companies, with Facebook Chief Executive Mark Zuckerberg and Twitter Co-founder Biz Stone outlining several initiatives at the Reuters Global Technology Summit in New York this week. And analysts and investors, in search of the next Google-like hit, are paying close attention to the breakneck speed at which Facebook and Twitter are adding new users. While the popularity of the two social media firms has yet to translate into the kind of revenue-generating machine that Google Inc developed with its search advertising business, some say Facebook and Twitter have become so central to the Internet experience that they are inherently valuable. "Both are new ways of communicating. And when you have a new way of communicating ... you benefit people enough so that there is going to be value there," said Tim Draper, managing director of venture capital firm Draper Fisher Jurvetson, noting that he regretted not having invested in either firm. In April, Twitter's website attracted 17 million unique visitors in the United States, up sharply from 9.3 million the month before. Facebook grew to 200 million active users in April, less than a year after hitting 100 million users.

The offshoring of business processes has become increasingly popular. Fueled by advancements in technology, the benefits of offshoring are primarily attributable to the savings from lower personnel costs at foreign locations. According to the Global Financial Services Offshoring Report 2007 by Deloitte & Touche U.SA LLP, over 75% of major financial institutions report offshoring a portion of their operations. Some economists estimate that up to one-third of total U.S. employment in services may ultimately be offshored (Steve Lohr, "At IBM, a Smarter Way to Outsource," The New York Times, July 5, 2007). Offshore entities often operate in developing countries such as India, China, Pakistan, the Philippines, and Vietnam. The offshoring of business processes generally takes two forms: outsourcing to an unaffiliated offshore entity (offshore outsourcing), or ownership and operation of an affiliated offshore entity (AOE). Many multinational companies have AOEs. For example, Accenture has more employees in India than in the United States; IBM is projected to have more than one-quarter of its workforce in India by 2010; and companies like General Electric, Eli Lilly, Google, and Microsoft are expanding their R&D centers in India and China (House Committee on Science and Technology, June 12, 2002). Offshoring and the Auditing Profession The potential benefits of offshoring have not been ignored by the accounting profession. In past years, several large public accounting firms began using AOEs to perform certain nonaudit procedures for their U.S.-based clients. For example, Ernst & Young uses AOE employees to prepare client tax returns (Vanessa Houlder, "E &Y Sends Compliance Work Offshore," Financial Times, July 11, 2007), and a number of accounting firms use AOEs to print documents for delivery to clients. The largest international public accounting firms have recendy begun testing the offshoring of certain auditing procedures on very large U.S. audit engagements to thei

In this video, Andre Gold, vice president and CISO of MoneyGram International, will discuss the basics of disaster recovery and business continuity planning, and define several general terms associated with disaster recovery and business continuity planning to help organizations develop a more accurate understanding. The text transcript of Gold's comments is included below. Andre Gold: Over the past four to five years, I've spent a lot of time in disaster recovery and business continuity planning as part of my role as the chief risk officer as well as the CISO for a couple major organizations. During that time, in working with those firms, I've had a greater appreciation of disaster recovery and business continuity planning, and I've learned that although BCP and DR are very important to firms, when its actually time to execute upon those respected strategies, many firms fail, and they fail fundamentally because they lose sight of the core elements of disaster recovery and business continuity planning. And with that, it's those core elements that we will be discussing today.

Banks and financial firms are placing more emphasis on internal threats to cut the flow of data leakage as a result of employee mistakes or workers disgruntled with layoffs and downsizing during the economic crisis, according to a recent survey. The report, "Protecting What Matters: The Sixth Annual Global Security Survey," is based on a Deloitte survey of 250 CISOs in the financial-services industry. It found that 36% of respondents believe the internal threat represents the greatest risk to organizations, compared to 13% who said external threats are the biggest concern. Mark Steinhoff, head of Deloitte's financial services security and privacy practices, said an organization's biggest mistake would be to let its guard down. While the number of security breaches may have declined over the last year, cybercriminals are not rationing back their efforts. "The number of breaches that are occurring are really at the hands of insiders and organizations are understanding that there is a real threat of malicious attacks and exposure of personal information by insiders," Steinhoff said. The failing economy may be driving the increased concern over insider threats, Steinoff said. "The climate we're in today causes concerns about disgruntled employees," he said. "We are seeing the layoffs and other forms of downsizing. Frankly with limited budget and less than satisfied employees, it really raises the parameter on that threat." Human error is the leading cause of information systems failure, and is likely to be the main cause of security attacks in the near future, according to 86% of those surveyed. To protect against employee mistakes that lead to a breach, financial firms should focus on risk rather than compliance to protect themselves, Steinhoff said. "[Organizations] need to look at what they want to protect and look at various types of threats internally and evaluate who has access to the data and who has access to which system, and approach it from that persp

A top affliction of privacy professionals is the growing complexity of privacy laws. The number of jurisdictions regulating data privacy and the number of other laws in which privacy provisions are tucked has increased with no letup since 2000. Like the Lilliputians in Gulliver's Travels, the tiniest jurisdictions are now lassoing their privacy ropes around the mightiest of corporations. Where does this leave those who are charged with keeping their organizations privacy-compliant? Desperately looking for a way to organize news about all of these developments. I recently surveyed the landscape of possible solutions to this problem. What did I find? Three different approaches: free Web sites, newsletters and news feeds; fee-based periodicals; and fee-based databases, such as Nymity's PrivaWorks, Cecile Park Publishing's DataGuidance and law firm Morrison and Foerster LLP's Summit Privacy. What were the pros and cons of each approach? Free sources Privacy leaders with no budget will want to exploit what's free, including these options: * Morrison & Foerster's Privacy Library, probably the most comprehensive and current free online listing of privacy laws in 95 countries. * Law firm Baker & McKenzie's annual Global Privacy Handbook, which is distributed to clients and friends. * Computerworld's own Security Newsletter, which offers a regular look at news about the technical threats to personal data. * The International Association of Privacy Professionals' Daily Dashboard, Canada Dashboard Digest and monthly Inside 1to1: Privacy. These are the best available free news feeds on privacy.

Banks and cellphone companies have a long way to go to persuade U.S. consumers to use their cellphones for banking, as many worry about security and extra fees and others are not even aware they can. In a survey of about 500 U.S. consumers, accounting firm KPMG found that only about 9 percent had tried mobile banking. In comparison, about 76 percent "consistently use" online banking services on computers. As many as 95 percent said they were so uncomfortable with conducting financial transactions on their phones that they've never used them to make a purchase on a retailer's Web site. About 48 percent of respondents cited security and privacy worries as their reason for not banking on their cellphones, according to KPMG. While many respondents said they believe mobile banking is important, according to the accounting firm, they do not think it is important enough to pay extra for it. Roughly 19 percent of respondents said they are "somewhat likely" to a use a mobile device for online banking in the next 12 months but only seven percent said are willing to pay a nominal fee for cellphone banking, according to the survey. And even though most of the major U.S. banks offer a mobile banking service, about 68 percent of the survey respondents said their bank does not offer the service. "The fact that the majority of U.S. consumers are not aware that their current banks offer mobile banking is clearly more perception than reality," said Carl Carande, a principal in KPMG LLP's Advisory and Banking and Finance practices. Banks offering mobile services include Citigroup Bank of America and Wells Fargo.

Big Brother may be at it again. Behavioral advertising - the tracking of consumer's Internet surfing activity to create tailored ads - has triggered an intense legal controversy that has law firms scrambling to stay on top of a burgeoning practice. Attorneys say that behavioral advertising is raising privacy, litigation and regulation fears among consumer advocates, the electronic commerce and advertising industries and legislators. Law firms are busy helping companies come up with a transparent way of letting consumers know that their online activities are being tracked and possibly shared. "Lawmakers and companies are having a tough time keeping up with this new frontier of Internet privacy issues, and there is growing consumer unrest about behavioral advertising, leading in some cases to consumer rebellion," said Lisa Sotto, a partner and head of the privacy and security data group in the New York office of Richmond, Va.-based Hunton & Williams. "Consumers find this type of tracking intrusive, and businesses are starting to take the consumer reaction seriously," she said. The buzz over behavioral advertising has been building since congressional hearings that were held last year, during which Congress called on Internet service providers (ISPs) to testify about a highly controversial advertising practice known as "deep-packet inspection." The practice gives companies the ability to track every Web site consumers visit and provides a detailed look at everything they're doing, such as where they're going on vacation, who is going, how much they spent on the trip and what credit card was used. But then came the first class action targeting behavioral advertising, filed against Foster City, Calif.-based NebuAd Inc., an online advertising company accused of spying on consumers from several states and allegedly violating their privacy and computer security rights. The lawsuit specifically alleges that NebuAd engaged in deep-packet inspection. Valentine v. Ne

If practice makes perfect, it's no wonder commercial pilot Chesley B. (Sully) Sullenberger III was able to save the day last week, guiding a malfunctioning jetliner over New York City and landing it safely in the Hudson River. It turns out Sullenberger was well trained for the job and had been studying crisis management. The Associated Press' Amy Westfeldt says Sullenberger, 57, of Danville, California, is a former fighter pilot who runs a safety consulting firm in addition to flying commercial aircraft. Westfeldt says Sullenberger is president of Safety Reliability Methods, a California firm that uses "the ultra-safe world of commercial aviation" as a basis for safety consulting in other fields. "When a plane is getting ready to crash with a lot of people who trust you, it is a test," Civil engineer Robert Bea told Westfeldt. "Sully proved the end of the road for that test. He had studied it, he had rehearsed it, he had taken it to his heart." The pilot "did a masterful job of landing the plane in the river and then making sure that everybody got out," Mayor Michael Bloomberg told AP. "He walked the plane twice after everybody else was off, and tried to verify that there was nobody else on board, and he assures us there was not. He was the last one up the aisle and he made sure that there was nobody behind him."

On Monday, U.K.-based digital rights organization Open Rights Group submitted an open letter to major online media players, urging them to prevent ISP-level behavioral targeting firm Phorm from tracking user interactions on their Web sites. The letter, sent to Google, AOL, Microsoft, Facebook, Yahoo, Amazon and Ebay, said, "[ORG] believes that it is clearly in your company's interest, it is in the interests of all of your customers, and it will serve to protect your brand's reputation, if you insist that the Phorm/Webwise system does not process any data that passes to or from your website." "We have received the letter and are giving it careful consideration from privacy and business perspectives," a spokesperson for AOL and its social network Bebo told ClickZ News. Similarly, in reference to the ORG correspondence, a Google spokesperson told ClickZ, "We've received the ORG's letter, but we're still considering the points they raised, so we don't have a response to make at this time." According to information published on the British Telecom Web site (one of Phorm's ISP-partners,) site owners can specifically request that their properties are not "scanned" by Phorm's technology, by contacting the firm directly. Phorm announced deals with three major U.K. ISPs over a year ago, but its technology is still yet to be fully deployed. BT has, however, carried out live trials of the platform with some of its customers. Phorm's CEO, Kent Ertugrul, claims that BT will implement his company's technology by the end of the year, but BT itself remains less committed to that timeline. Both AOL and Google have vested interests in the behavioral targeting space, although not in the controversial area of deep packet inspection (DPI), in which Phorm's technology lies. AOL-owned Tacoda targets ads based on users' activity across a range of partner sites, but does not directly intercept ISP-data. Google also announced this month that it will begin testing similar behavioral targe

The new Obama Administration and a stronger Democratic party control of Congress set in the midst of a struggling economy and foreign policy issues, has created an interesting environment for legislation and regulations affecting customer interactions both federally and at state levels. While contact center-and-direct marketing-affecting issues such as offshoring, privacy, and telemarketing may haven been pushed offstage, they are not out of the hall. Ironically, economic pressures may shove them back into the spotlight as governments, especially states, seek ways to keep jobs and revenue sources, which contact centers provide. Federal Legislation Here is an examination of federal industry issues that lawmakers and regulators are and may be addressing in 2009: * Offshoring Federal lawmakers may reintroduce a bill similar to HR 1776, The Call Center Consumer's Right to Know Act, which would require contact center agents to disclose the physical location of such employee at the beginning of inbound and outbound calls. Firms would also have to annually certify to the Federal Trade Commission (FTC (News - Alert)) their compliance with such requirement. HR 1776 is an attempt to restrict offshoring by making customers aware that their calls may be going to or originating out of country. The bill's supporters hope customers and negative publicity would pressure firms to bring such jobs back to the U.S. The downsides are that such bills may significantly add to contact center costs in both onshoring and time spent location disclosing and in compliance, which would ultimately be paid for by consumers. In doing so bills like it that hike contact center expenses may also be self-defeating as they may result in fewer domestic jobs. "The particular type of disclosure contemplated by HR 1776 is a burdensome additional disclosure without clear benefit to the consumer," American Teleservices Association (ATA) CEO Tim Searcy told the House Energy and Commerce subcom

Online advertising firm Phorm is pressing ahead with plans to launch more than a year after it first drew criticism from some privacy advocates. Phorm executives will meet with members of the public on Tuesday, following a similar meeting in 2008. The service has proved controversial for some campaigners who believe it breaks UK data interception laws. The firm received clearance from the Home Office and police closed a file on BT trials of the technology. "We have been supported or endorsed by all of the leading stakeholders," Phorm chief executive Kent Ertugrul told BBC News. "Ofcom, the Information Commissioner's Office, the Home Office, leading privacy advocates like Simon Davies, the advertising industry and publishers have all backed our service," he said. He added: "We are very, very happy with where we are one year on." Trawling websites Phorm's system works by "trawling" websites visited by users whose ISPs have signed up to the service and for whom the technology is switched on, and then matches keywords from the content of the page to an anonymous profile. Users are then targeted with adverts that are more tailored to their interests on partner websites that have signed up to Phorm's technology.

Big Brother may be at it again. Behavioral advertising -- the tracking of consumer's Internet surfing activity to create tailored ads -- has triggered an intense legal controversy that has law firms scrambling to stay on top of a burgeoning practice. Attorneys say that behavioral advertising is raising privacy, litigation and regulation fears among consumer advocates, the electronic commerce and advertising industries and legislators. Law firms are busy helping companies come up with a transparent way of letting consumers know that their online activities are being tracked and possibly shared. "Lawmakers and companies are having a tough time keeping up with this new frontier of Internet privacy issues, and there is growing consumer unrest about behavioral advertising, leading in some cases to consumer rebellion," said Lisa Sotto, a partner and head of the privacy and security data group in the New York office of Richmond, Va.-based Hunton & Williams. "Consumers find this type of tracking intrusive, and businesses are starting to take the consumer reaction seriously," she said. The buzz over behavioral advertising has been building since congressional hearings that were held last year, during which Congress called on Internet service providers (ISPs) to testify about a highly controversial advertising practice known as "deep-packet inspection." The practice gives companies the ability to track every Web site consumers visit and provides a detailed look at everything they're doing, such as where they're going on vacation, who is going, how much they spent on the trip and what credit card was used. But then came the first class action targeting behavioral advertising, filed against Foster City, Calif.-based NebuAd Inc., an online advertising company accused of spying on consumers from several states and allegedly violating their privacy and computer security rights. The lawsuit specifically alleges that NebuAd engaged in deep-packet inspection. Valentine v. Ne

A recent talk by some Federal Trade Commission officials confirms that the agency is taking a hard look at online advertising practices. Speaking at an American Bar Association conference, new consumer protection chief David Vladeck had harsh words for the behavioral targeting industry's current privacy practices. The "current approach is not working," he said, according to the law firm Arnold & Porter, which blogged about the speech. Vladeck reportedly said many companies' current practice of notifying users about online ad targeting and allowing them to opt out is inadequate, largely because people don't understand the policies. He's not the first to make this observation. Advocates and policymakers have said for years that privacy policies are incomprehensible even to sophisticated users. A recent study by UC Berkeley School also shows that the policies are filled with enough loopholes as to be meaningless. Meanwhile, consumer protection deputy Eileen Harrington, who also talked at the same event, reportedly called deep packet inspection the most dangerous form of data collection, according to a blog post by the law firm Perkins Coie.

"Bankers are playing with fire by increasing risk when taxpayer tolerance with financial bailouts has worn perilously thin, the International Monetary Fund warned. Managing director Dominique Strauss-Kahn reckons bankers may be in the throes of a "Mardi Gras" party of renewed speculation ahead of a looming regulatory crackdown. Yet the return of their old habits is dangerous. If a new financial crisis occurred in a few years" time, the public would be unwilling to support another round of massive bailouts, he told the Confederation of British Industry. Democracy itself could be threatened if banks went back to taxpayers with their caps in their hands. "In an atmosphere of increasing optimism, we see signs of old habits coming back. Risk-taking is on the rise," said Strauss-Kahn. "Right now, regulatory uncertainty is throwing up some perverse incentives. For example, it might be encouraging a risk-taking culture -- a Mardi Gras effect whereby financial institutions party now in expectation of lean times to come. "Clearly, this is dangerous, not least for emerging markets. And we may run out of time -- if we wait too long to implement these reforms, it might be too late." A second wave of rescues may simply not get through national legislatures, he added: "The political reaction would be very strong, putting some democracies at risk." IMF figures show the aftershocks of the 2008 crisis are far from over, with firms recognising only half of their losses worldwide. Yet despite the fragility of the financial sector, there is mounting evidence that traders are making hay before tougher regulatory standards come into force. Investment banking profits have soared this year, as firms make the most of ultra-low interest rates, money-printing operations and huge government bond issuance programmes. Strauss-Kahn argued countries need to act quickly to remove "regulatory uncertainty" -- ensuring bankers do not make the most of the current confusion over future standards

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach. The bill was sponsored by House Energy and Commerce Commerce, Trade, and Consumer Protection Subcommittee Chairman Bobby Rush, D-Ill., and was tweaked to win his panel's approval in June, but more revisions are expected.

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach. The bill was sponsored by House Energy and Commerce Commerce, Trade, and Consumer Protection Subcommittee Chairman Bobby Rush, D-Ill., and was tweaked to win his panel's approval in June, but more revisions are expected.

Companies that track consumer behavior on the Web for targeted advertising without proper consent are near their "last chance" to self-regulate, the head of the U.S. Federal Trade Commission said on Monday. Privacy advocates say regulations on big phone and Internet companies, such as AT&T Inc and Google Inc, are too lax, giving the firms excessive control over consumers' personal information. "From my perspective, the industry is pretty close to its last clear chance to demonstrate" that it can police itself, FTC Chairman Jon Leibowitz told the Reuters Global Financial Regulation Summit in Washington. Earlier this year, the FTC issued new guidance urging websites to tell consumers that data is being collected during their searches and to allow them to opt out. If companies fail to do a better job of making their privacy policies understandable to the average person, momentum will keep building for greater regulation, Leibowitz said. "It's really up to industry."