Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun & Bradstreeet. Both of these organizations aggregate and sell consumer and business PII.
When PII is misrepresented, the experience for the true PII owner can range from unsettling to pure exasperation due to the fact that the victim’s virtual identity must be reclaimed and a consistently proven remediation roadmap still does not fully exist. A recent survey estimated that in 2012 over 12 million Americans were the victims of identity theft.
Fortunately, in addition to the standard PII definition a majority of states –such as California’s Penal Code §530.55 - now include credit card numbers and even computer media access control (MAC) addresses. The comprehensive definition and accompanying legislation is giving law enforcement the ability to charge suspects with identity theft and aggravated identity theft, but individuals still need to be aware of the risks and respond accordingly.
Below are five realistic almost universal U.S.-centric identity theft risk factors followed by guidance on proactively saving you those precious resources – time and money.
The Internet remains an environment where it is important to keep your wits. The recent indictment of nine individuals on stock fraud charges reminds us that the pump and dump scam continues to be perpetrated . Stock spam emails were particularly prevalent during the mid-2000’s, with these messages reportedly comprising 15% of all spam in 2006 . These messages sought to artificially increase demand for infrequently traded stocks so that fraudsters could unload cheaply bought shares at a profit to unsuspecting investors. Read More »
While there is a world of difference between a deck of 52 and a deck of credit cards, it is still wise to hold those payment cards close to the vest. A solid part of protecting those cards from prying eyes is ensuring your insurance firm is compliant with the Payment Card Industry’s Data Security Standard.
Is PCI compliance important to insurers? Every carrier CTO and CIO I have asked has said , “Yes, it is…and we are working on it now.” I’d venture to say, as with all compliance and risk management it is not a one-and-done effort, as regular reviews are required.
Today, April 14, 2011, Cisco announced its newest work in the area of helping companies across all industries comply with the PCI DSS 2.0 guidelines. And since the PCI DSS guidelines apply to all companies—including insurance—that transmit, process or store credit card transactions and cardholder information, I’ve recorded a video in which I discuss the PCI DSS standard and its applicability to insurance.
Cisco is at the table with its customers when it comes to enabling PCI compliance and is an active member of the Payment Card Industry Securities Standard Council’s Board of Advisors. We completed a new Cisco Design and Implementation Guide that includes 30+ Cisco and technology partner products that have been examined by an auditor.
Technologies involved in the assessment include core routing, switching and wireless, plus collaboration and physical security technologies.