Published by Elwin Hunt. Modified over 9 years ago.
1
Fine Tuned Machines
Information Security in the Debt Collections Industry
Securing Data Transmitted to External Partners
March 13th, 2010
2
XYZ, a Debt Collections Company
The market leader Debt Collections firm with over $800 million in Market Capital
Employs Debt Collections in many areas, including bankruptcy and credit debt, auto recovery, municipal accounts
Purchases and manages debt for major clients such as Bank of America, Chase, HSBC, Toyota and GMAC
Complies with Federal Trade Commission regulations:
  – Fair Credit Reporting Act
  – Fair Debt Collection Practices Act
3/13/2010 MSIT 458 - FTM Group
3
XYZ Brand
XYZ is a secured and trusted partner of many Banks and Finance Companies
Strives to build relationships with the “debt sellers”
Make debt sales “pain free” for the Sellers
Ensure Data Security
Employ scoring model on potential debt purchase to negotiate with the Sellers
To achieve the goal of collecting on debts, XYZ is “in the business of purchasing information”
4
Business Problem
XYZ is forced to use various data transmission and receipt methods set by some external partners to maintain strong relationships. Because of this, XYZ must address each data transmission and receipt method in its security policy and focus on internal efforts to protect its data.
5
Data Flow for Debt Collections
6
Data Transmission Methods
  – Email
  – FTP
  – HTTP / Secured Website
7
Business Process: Email
Incoming Records from Debt Sellers
Stored Locally: Hard drives and Servers
  – Name
  – SSN
  – Debt Acct #
  – Debt Amounts
  – Phone Number
  – Address
8
Email Transmission: External
  – To Lawyers / Courts
  – To Third Parties
9
Email Transmission: Types of Threats
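Added example (not part of the original slides): a Python check that an outbound mail gateway could run on messages bound for lawyers, courts and third parties, flagging unencrypted mail that carries SSN-shaped values in the body or an attachment. The message, the addresses, the xyz.example domain and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed outbound message; the SSN-shaped values are sample data only.
SAMPLE = """\
From: collector@xyz.example
To: clerk@lawfirm.example
Subject: Account file
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Accounts referred for filing are attached. Ticket 000-12-3456.
--b1
Content-Type: text/csv
Content-Disposition: attachment; filename="accounts.csv"

name,ssn,debt_acct,amount
Jane Doe,219-09-9999,A1001,1520.00
John Roe,078051120,A1002,310.75
--b1--
"""

SSN_RE = re.compile(r"\b(\d{3})-?(\d{2})-?(\d{4})\b")
ENCRYPTED = {"application/pkcs7-mime", "application/x-pkcs7-mime", "multipart/encrypted"}

def plausible_ssn(area, group, serial):
    # Drop number ranges that are never issued, to cut false positives.
    return area not in ("000", "666") and area < "900" and group != "00" and serial != "0000"

def scan_outbound(raw, internal_domain="xyz.example"):
    msg = message_from_string(raw)
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    external = [a for a in rcpts if not a.lower().endswith("@" + internal_domain)]
    encrypted = msg.get_content_type() in ENCRYPTED  # S/MIME or PGP/MIME wrapper
    findings = []
    for part in msg.walk():
        if part.is_multipart() or encrypted:
            continue
        data = part.get_payload(decode=True) or b""
        text = data.decode(part.get_content_charset() or "utf-8", errors="replace")
        hits = sum(1 for m in SSN_RE.finditer(text) if plausible_ssn(*m.groups()))
        if hits:  # report location and count only, never the values themselves
            findings.append((part.get_filename() or "body", hits))
    action = "block" if external and findings else "allow"
    return {"external": external, "encrypted": encrypted, "findings": findings, "action": action}

if __name__ == "__main__":
    print(scan_outbound(SAMPLE))
```

The ticket number in the body is ignored because area 000 is never issued, while both rows of the attachment are counted.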
10
Data Transmission Methods
  – Email
  – FTP
  – HTTP / Secured Website
11
FTP Channel: Purpose & Usage
What is FTP?
FTP: File Transfer Protocol, an application-layer protocol based on a client/server architecture that is used to transfer (download/upload) files over a network (public/private).
Company Profile: FTP
  – Usage (internal & external): frequent and heavy
  – Type of data: large files with highly sensitive PII
  – User community: wide diversity (business/technical), ~40 users
  – Landscape: software/hardware/network
  – Top concerns: Security, Automation, Intuitiveness, & Reliability
12
FTP Channel: Current Challenges
Pressing concern:
  – FTP is inherently not secure
Common Attacks
  – Injection Attack
  – Bounce Attack
  – Brute Force Attack
  – Steal Attack
Name: Troj/JSRedir-R
Spreads: Web browsing
Prevalence: High
Detected: 04/30/2009
Category: Virus/spyware
Type: Trojan
13
Data Transmission Methods
  – Email
  – FTP
  – HTTP / Secured Website
14
Forms of External Communication
PACER
  – Use website to upload court documents
Debt Sellers
  – Use secured websites to download/upload information in various formats
Law Firms
  – Use of Automated Collection Controls document management outsourcing
15
Hypertext Transfer Protocol Secure (HTTPS)
Used to create secure communication over an insecure network.
Not a new protocol per se, but a combination of HTTP over Transport Layer Security (TLS) over port 443.
TLS uses RSA public key encryption in 1024 or 2048 bit key lengths.
The client downloads a signed public key certificate which is authorized by a certificate authority.
16
Possible Attack Vectors
JavaScript (PACER)
  – Execution of malicious code that could exploit a security risk
Web Browsers (PACER, Debt Sellers, Law Firms)
  – Malicious plug-ins can exploit users’ machines.
Operating Systems (PACER, Debt Sellers, Law Firms)
  – Although this attack’s magnitude has been mitigated over the years, patch management and application is still an important security policy
17
HTTPS attacks are possible!
In September of 2009 a Microsoft API was exploited to create forged CA certificates.
User accepted the forged certificate automatically.
This attack affected Internet Explorer, Safari, and Chrome before the patch.
Author of SSLSNIFF software demonstrated this attack!
  – His PayPal account was revoked after demonstrating the attack to eBay. Jerks!
18
Consequences and Costs
19
Legal Implications and Costs
Major fines are levied by the FTC for ineffective controls:
  – FTC fines Rental Research Services $500,000 for “unfair acts or practices” in violation of FTC Acts.
  – FTC fines ChoicePoint for data breaches ranging from $275,000 to $500,000 on separate occasions
Damaged relationships with Sellers could be catastrophic to XYZ (Brand Equity)
20
Data Security Costs
According to a study by the Ponemon Institute, “cost of a data breach rose for the fifth year to $204 per compromised record”
Data Breach expenses are not occurring in companies as often as in the past
In the same study, 42% of companies surveyed stated the biggest threat was “mistakes made by third party vendors and company partners”
Largest breach: over 100,000 records = $31 million cost to the breached firm
21
Recommendation for XYZ and Data Security
SLOW / STOP / GO
22
Unified Solution
Policies
Firewall Appliance
  – Proxy capabilities
  – IDS/IDP
  – Anti-virus scanning
Email / Https / FTP
23
Unified Solution
Host Level
Antivirus Client Software
Specified User Accts
Email / Https / FTP
24
Solution Cost Analysis
Estimated Users: 400
Total Sites: 3
Grand Total: $28,700