The Federal Trade Commission (FTC) mailed reimbursement forms to more than 1,400 individuals identified as victims of the security lapses at the ChoicePoint data broker. FTC File No. 052-3069.
Continue reading "FTC Mails Reimbursement Claim Forms To ChoicePoint ID Theft Victims" »
A bank and related entities filed an action alleging that a group of unidentified "John Doe" parties engaged in a "phishing scam" that targeted e-mail recipients with false e-mail messages leading to fake Web sites in an attempt to induce them to transmit confidential financial information. First National Bank of Nebraska, Inc. v. Does, No. 8:06CV504, 2006 U.S. Dist. LEXIS 53881 (D. Ne. July 26, 2006).
Federal bank regulators issued a notice of proposed rulemaking concerning identity theft "red flags" and address discrepancies under under sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003.
New security guidelines issued by the White House Office of Management and Budget on June 23 require federal civilian agencies to implement new measures to secure digitized personal information on employees and U.S. citizens within 45 days. Exec. Order M-06-16 (June 23, 2006).
The time and money expended to monitor credit following a data theft does not satisfy the element of damages necessary to sustain an action for negligent maintenance of data. Forbes v. Wells Fargo Bank, N.A., No. 05-2409 (D. Minn. March 13, 2006).
The failure of a student loan processing firm to encrypt nonpublic customer data stored on a laptop stolen from an employee's home did not violate the firm's statutory duty under the Gramm-Leach-Bliley Act to secure customer financial information. Guin v. Brazos Higher Education Service Corp., No. 05-668 (D. Minn. Feb. 7, 2006).
The Telephone Records and Privacy Protection Act of 2006 has been signed into law. H.R. 4709 (109th Cong., 2d Sess.) .
Continue reading "Federal Anti-Pretexting Bill Signed Into Law" »
The Federal Financial Institutions Examination Council (FFIEC) issued a guidance stating that the use of single-factor authentication of customers as the only control mechanism in online banking transactions is "inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties." Authentication in an Internet Banking Environment, (FFIEC Oct. 12, 2005).This guidance addresses the need for risk-based assessment, customer awareness, and financial institutions' implementation of appropriate risk mitigation strategies including security measures to reliably authenticate customers accessing their financial institutions' Internet-based services. The guidance discusses a number of online authentication technologies, and suggests that banks not rely on single-factor authentication but rather utilize "multifactor authentication methods" that are stronger than any single-factor method.
The guidance is available at http://www.ffiec.gov/pdf/authentication_guidance.pdf
