"Here we go again" seems rather pointless to say, but here we go again.
The latest news in this Data Breach can be found in this article in Dark Reading.
The basis of this breach is similar to another breach years ago involving a credit card processing company and the information that they possess.
This breach was found by Visa & MasterCard, and in their investigation they located a “sniffer” on their system. A sniffer is basically a malicious program that sniffs out the credit card numbers and sends them back to the scammers who installed it.
Mind you that this company SHOULD have been PCI compliant, but as of yet nobody knows if they were, or are.
This is yet another case of businesses not protecting the information that they have.
I don’t know yet if this company should have been implementing programs for the Red Flag Rules, but it would stand to reason that they would need to be compliant with those regulations along with PCI with the vast amount of knowledge that they possess on their system.
If you are overwhelmed by the processes as well as the potential mitigating factors involved with compliance, feel free to contact me; if I can’t help you, I can surely find someone who can.
Wednesday, January 21, 2009
Monday, January 12, 2009
Again Wisconsin ignores the facts

I have been posting, talking, and pulling out my hair over the lack of understanding when it comes to safeguarding the taxpayers as well as the State of Wisconsin. And they continue to stick their heads in the sand. Anyone remember what is exposed when you stick your head in the sand?
When talking to most of the persons in the State government I have been pushed off to the Feds. Well, I have had my contact with my Federal Representative, and he has forwarded my concerns to... my Local State Representative.
I know and understand that the wheels of government grind slowly at their best, but there is an obvious lack of understanding of the new regulations being implemented by the Federal Trade Commission (http://www.ftc.gov/, search for Red Flag Rules), which will be implemented for Creditors as well as Service Providers on May 1, 2009.
Mind you, that date is the NEW date, since very few of the potential businesses that would be affected by this regulation were aware of the implications, let alone the fines for non-compliance with these regulations.
When I contacted the Governor's office I was sent a letter saying that I should work with the Governor's Aide on this. He has been informed that the State Department of Financial Institutions has been aware of it, and is working on it... OK, the problem is pretty simple: I was NOT trying to be sure the financial institutions had the information, but the rest of the agencies, DOA, DOR, and everyone else that needs to put safeguards in place in the form of Policies and Procedures that will address the very issue of Identity Theft, and the avoidance of being a victim of it.
I guess the persons in the government offices have a short memory. Wisconsin has suffered a minimum of 3 breaches of non-public information (NPI) in the last 2 years.
The original Red Flag Rule went into effect November 1st, 2008. The Feds changed this to state that the Financial Institutions needed to be compliant, and that businesses that were not under the jurisdiction of the FDIC would have a grace period until May 1, 2009.
The Federal Trade Commission has estimated as many as 9 million Americans have their Identities stolen EACH YEAR.
As of 7/8/08 Americans spend upwards of $5 billion and 300 hours attempting to clean up from Identity Theft.
As of 7/8/08 U.S. Businesses lose $47.6 BILLION each year as a result of Identity Theft.
I understand we as a nation are in dire trouble with the economy, and Wisconsin is not immune, as evidenced by the Governor stating that we need a Federal bailout for our Budget.
NOW is the time that Identity Theft could be devastating to any person. Credit is already tight; imagine if your identity was stolen, and you were unable to get the credit you needed as a business or individual.
Any Business that is either a Creditor or Service Provider may need to comply with the Red Flag Rules, and I invite those in our Government offices to thoroughly read the Rules. There is NO Exemption for Government offices; if you have non-public information that you gather, store or use, you may be obligated to enforce the Regulations.
What does this mean for the small businesses out there? They need to look at how they store, share and gather information, and they need to have WRITTEN "programs" that expressly inform those that use that information what they can and cannot use.
Policies and Procedures are as varied as the businesses that need to implement them, but it can be done with a nominal amount of time, with some help.