Pages

Friday, October 14, 2005

Survey: Online retailers still sharing users' personal data - Computerworld

How safe is your mail?

One in six people's private personal data may have been compromised

Microsoft employee blasts 'fake' service pack

The hackers who can put your IT security to the test - vnunet.com

Don't Forget to Lock the Door

Bank hits back at phishing with security trial

Symantec to unleash 'Big Brother' on the world

Military foundation's website hacked-The Korea Herald

Congress agrees to split off DHS cybersecurity unit (10/13/05)

5,259 phishing sites in August 2005 | IT Facts

NASA Struggles to Fix Network Security Holes

Hacker Protection for Your Web Applications

Security experts warn of Windows worm - PC Magazine

Thursday, October 13, 2005

Protecting Customer Data: Grappling With Lost Data, Broken Trust

Still insecure about Net banking

Techworld.com - Secure servers compromised by SSL bug

Security Awareness Is the Public's Best Ally

CipherTrust Tackles IM Security

A Good Judge of Character

VoIP is not as secure as you think

US cybersecurity all at sea

Government must push on IT security - Computing

Staff 'need reasons' to believe in security

Energy Department auditors cite cybersecurity flaws at FERC

Tuesday, October 11, 2005

Liberty Alliance releases legal, privacy guidelines

Secunia - Advisories - BEA WebLogic 24 Vulnerabilities and Security Issues

Privacy Concerns, Expense Keep Fingerprinting, Eye Scans Out of U.S. ATMs

Control system security: whose problem is it?

N.C. State Professor Victim Of Online Theft

Careless Users Challenge Mobile Security

Cybercrime thrives in online underworld

Security management advances

Secure your PC and maintain your privacy

What Are Digital Vaults?

Man with 130 IDs steals 1m pounds

Slew of New IM Threats Reported

People: Your network's weakest link - ZDNet UK News

Extract value from compliance by concentrating on the broader security goals

Handhelds on fire WiFi on guard

Researcher lashes out at Oracle's security effort

Monday, October 10, 2005

The Four Most Dangerous Security Myths

A convicted hacker debunks some myths - Oct 7, 2005

Cyber Security Month Aims To Calm Consumers E-nerves

Bank ID-theft charges rankle privacy groups

http://www.bizjournals.com/industries/high_tech/e_commerce/2005/10/10/portland_story2.html


The Business Journal of Portland


From the October 10, 2005 print edition
Bank ID-theft charges rankle privacy groups
Andy Giegerich
Business Journal staff writer
Collectively, identity theft costs Oregonians $5 billion annually.

Individually, it could cost them between $9.99 and $15 a month in bank fees to protect their financial information.

Lenders offering the fee-based identity theft services say the safeguards help victims navigate several layers that only tangentially relate to their bank. It's thus necessary to charge administrative fees, the lenders say.

Advocates say the practice plays on consumer fears while offering extras that should come standard with normal bank accounts.

The protective services include insurance that helps recover, among other things, wages victims may lose as they rectify their theft-related problems.

"It's a value-added service, and consumers have the freedom to decide if they want to pay for it," said Bank of America spokesman Rich Brown of his bank's PrivacySource offering.

Cleveland-based KeyCorp has begun heavily touting its Privacy Matters service, for which it charges $9.99 monthly ($14.99 to individuals and their spouses).

Wells Fargo began offering its fee-based Select identity theft protection service last year for $12.99 a month. Bank of America also offers the PrivacySource credit monitoring system for $129 yearly.

The $50 billion-yearly identity theft industry affects 9 million Americans. In Oregon, the impact is estimated at around $5 billion yearly.

To fight it, KeyBank enlisted Atlanta-based Coverdell & Co. to create an identification theft-fighting package. The program offers prevention, detection, restoration and emergency cash coverage, said Martin Webb, KeyBank's Cleveland-based vice president of retail insurance.

The prevention aspect secures the customer's electronic data; the detection occurs through weekly fraud alerts.

The restoration component slashes the time in which Key informs multiple credit card carriers of any thefts. The offering further provides "an experienced, licensed investigator" who'll help restore both a client's identity and credit records.

Key's program further provides victims with $25,000 worth of insurance for lost funds and pays up to $500 per week in lost wages for four weeks.

Webb said about 5,000 customers across the country have so far purchased the services.

"That's a very good response, and we're seeing accelerated enrollments in the program," he said.

The Wells Fargo program mirrors the Key offering in several regards. Wells Fargo Select provides personal credit reports compiled from the country's three major credit reporting agencies: Equifax, Experian and TransUnion. The bank further monitors credit daily, quickly alerting customers to any discrepancies.

Wells offers up to $10,000 in identity theft insurance and provides "resolution specialists" who help victims reassemble their lives.

Neither bank would discuss how much the programs cost to administer.

Privacy advocates say they've long opposed programs in which banks benefit from their customers' misfortune.

Chris Hoofnagle, senior counsel for the Washington, D.C.-based Electronic Privacy Information Center, said the financial services industry "is expert at creating products out of problems they created. ... The credit reporting agencies, which have a legal obligation to ensure that your credit report is secure and accurate, place advertisements stoking fears about accuracy and security in order to sell credit monitoring services."

In terms of identity theft, Hoofnagle said banks want to turn the problems into a profit base. The institutions should instead expend resources toward ensuring that credit cards are more secure, he said.

Hoofnagle's group wants the Federal Trade Commission to make credit monitoring a free service for bank customers.

Beth Givens, director of the Privacy Rights Clearinghouse, a San Diego-based consumer advocacy group, takes a similar tack.

"My feeling is no one should have to pay for credit monitoring," she said. "If there's activity, the customer should be notified. It's as simple as that."

Givens pointed out that customers can receive one free credit report from each of the three main credit reporting agencies per year.

"You can order one every four months, and you don't have to pay subscriber fees to your bank," she said.

Givens added that she's no fan of the packages' insurance component. The lost wages section doesn't reimburse what victims spend mailing documents or copying paperwork, she said.

Some insurers offer low-cost policies, for $25 a year, she added.

Overall, Webb and Wells Fargo spokesman Tom Unger said their products help spot and solve problems more quickly.

"You can get the report annually for free, but if you're counting on that, it might be 365 days before you find out someone changed your address," Unger said.

Added Webb, "Certainly there's a cost associated with the bundling of the different products involved in the programs," including the insurance portion.

Unger, in explaining the program's fees, maintained that the arrangement helps customers deal with many parties, including credit card companies and other lenders.

"We not only deal with accounts at our bank, but accounts anywhere," he said. "It's a retail product and we think it has value and we've priced it fairly and appropriately."

One top industry analyst predicted banks could soon offer such programs as standard.

"Just because they charge today doesn't mean they'll charge tomorrow," said Jim Bradshaw, vice president and senior research analyst for D.A. Davidson's Lake Oswego office.

Consider, he said, online bill payment programs: "Those started out at $15.95 a month in some cases. Now, most banks are giving them away."

But because outside contractors often oversee the services, banks might face other issues. In working with Coverdell & Co., KeyBank has chosen a partner owned by Vertrue Inc. The Stamford, Conn., company, formerly known as MemberWorks Inc., collects and sells mailing lists of credit card issuers and banks.

"We do feel confident in the product meeting fully our compliance and privacy requirements," Webb said.

agiegerich@bizjournals.com | 503-219-3419

HOWTO: Bypass Email Filters

Visa CEO Says Laws, Incentives Needed to Improve Credit Card Data Security - Computerworld

Data Security Risks Missing From Disaster Recovery Plans - Computerworld

Security Log - Computerworld

IT risk too important to leave to CIO

IETF promises new configuration standard

Phishers Zero in on E-Banking

Microsoft: keeping security friends close, enemies closer

Web Application Firewall Evaluation Criteria - Web Application Security Consortium

Cops smash 100,000 node botnet - vnunet.com

A special budget for security

Bank of America notifying customers after laptop theft

How to secure Instant Messaging and improve communication

Visa to spend $200m fighting fraud

Preventing Identity Theft Online

Be aware of this Windows registry vulnerability

Symantec Internet Security Threat Report Identifies Shift Toward Focused Attacks on Desktops