Data Breach Overview Mike Schenk, VP Research and Policy Analysis

Presentation transcript:

Data Breach Overview Mike Schenk, VP Research and Policy Analysis Credit Union National Association

MERCHANT DATA BREACHES

Merchants do not follow strong data security requirements like credit unions

- Financial institutions, including credit unions, are subject to strict data security standards under the Gramm-Leach-Bliley Act (GLBA). Retailers are not.
- All who hold personal data should be subject to strong federal security requirements.
- Congress should pass legislation that would impose data security standards on merchants to protect consumers and reduce criminal access to financial information.

Nearly 60% of consumers expect to be a victim of a data breach at some point.

AMERICAN CONSUMERS NEED PROTECTION

- STRONG NATIONAL DATA PROTECTION and consumer notification standards with effective enforcement provisions are needed to ensure sensitive data is protected.
- RECOGNITION OF ROBUST PROTECTION and notification standards that credit unions and banks are already subject to.
- PREEMPTION OF INCONSISTENT STATE LAWS and regulations in favor of strong federal data protection and notification standards.
- ABILITY OF CREDIT UNIONS AND BANKS TO INFORM members and customers about a breach, including where it occurred.
- SHARED RESPONSIBILITY for all those involved in the payments system for protecting consumer data. The costs of a data breach should ultimately be borne by the entity that incurs the breach.

Data exposed in 2017 breaches:

- 53% exposed SSNs
- 19% exposed Debit card/Credit card
- 37% exposed unknown records

CREDIT UNIONS HIT HARD: TWO EXAMPLES

Target Data Breach

- 12/19/13: Target data breach announced (~41 million cardholders)
- CUNA survey: 1,112 responding credit unions by 2/5/14
- Estimated 5.4 million CU debit and credit cards affected
- $30.6 million total costs in first 2.5 months
- Primarily card reissuance & administrative expenses
- Call volumes up by 25%+ at 37% of credit unions
- Nearly 40% report increasing staffing as a result
- Excludes any fraud losses after initial 2/5/14

Home Depot Data Breach

- 9/18/14: Home Depot data breach announced (~50 million cardholders)
- CUNA survey: 544 responding credit unions by 10/29/14
- Estimated 7.2 million CU debit and credit cards affected
- $57.4 million total costs in first 1.5 months
- Primarily fraud and card reissuance expenses
- Call volumes up by 25%+ at 21% of credit unions
- Excludes any fraud losses after initial 10/29/14