Archive for Business Tools
AT&T Will Provide Internet Protocol Virtual Private Network (VPN) and Managed Security Services Under U.S. General Services Administration Networx Universal Program
OAKTON, Va., July 21 /PRNewswire-FirstCall/ — AT&T Government Solutions* business unit announced it has won a task order worth up to $350 million to provide Managed Security Services and deploy a Virtual Private Network (VPN) for the U.S. Department of Agriculture (USDA) Data Services.
The task order was awarded under the U.S. General Services Administration (GSA) Networx Universal contract vehicle. Under the terms of the task order, AT&T will utilize its transition planning and network management capabilities to complete a Department-wide managed IP network architecture that enables shared services across a new, unified infrastructure. AT&T will provide data services to over 5,000 USDA locations across the country.
The USDA has a geographically dispersed network, encompassing over 29 agencies and offices with a diverse set of objectives. The Cabinet-level agency is charged with serving our nation’s farmers, conserving natural resources, protecting the food supply, and serving millions of constituents who rely on the agency’s services.
“A growing demand to provide information in a secure fashion and on a global scale are key challenges that many federal agencies face today and tomorrow,” said Christopher L. Smith, Chief Information Officer, U.S. Department of Agriculture. “USDA Data Services is not only designed to meet these challenges via the deployment of a corporate data network, but also through close collaboration between USDA and its agencies. USDA will use the Networx program to transform our operations through new technologies so we can provide our customers with more advanced network services while also meeting the needs of our citizens.”
“The migration to a VPN architecture for USDA is not only a significant evolution of their network but an example of how the agency has been able to successfully execute its network vision,” said Jeff Mohan, Executive Director, Networx Program Office, AT&T Government Solutions. “Given our long-standing network engagement with USDA, and AT&T’s expertise in providing cybersecurity solutions to the federal government, AT&T can help the agency achieve the next-generation of its network so it can provide additional capabilities to not only its workforce but the citizens it serves in a highly secure manner.”
The foundation for the AT&T Data Services VPN solution is the state-of-the-art AT&T Multiprotocol Label Switching (MPLS)-enabled network, a fully managed, highly secure, scalable data network, which enables customers to incorporate leading edge applications on the network. This powerful foundation provides the secure, reliable VPN network best suited to support USDA needs for an IP-converged network connecting USDA’s sites nationwide.
As a recognized leader in network security, AT&T will also provide Managed Security services for USDA such as Managed Firewall, Intrusion Detection and Prevention, Managed e-Authentication Service, Vulnerability Scanning, Anti-Virus Management, Incident Response, Secure Managed e-mail, and Managed Tiered Security Services.
“USDA needs an approach to security that not only safeguards their data and other assets, but also identifies and stops cyber threats before they reach their network perimeter,” said Ed Amoroso, Chief Security Officer and Senior Vice President, AT&T Services, Inc. “AT&T’s cloud-based approach, coupled with our industry-leading Managed Security Services, provides USDA with a highly advanced cyber security solution ready to respond to the ever-changing threat environment.”
With the new architecture, the USDA will improve its ability to securely share information between its many nationwide offices and stakeholders, including businesses, state and local government partners, and public citizens.
AT&T, the incumbent data carrier for USDA, has been engaged with the Cabinet-level agency for several years. AT&T has deployed sites for the USDA Universal Telecommunications Network (UTN) VPN under the Federal Telecommunications Service 2001 (FTS2001) Crossover contract.
The USDA task order has a one-year base with six one-year options.
*AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc.
CUPERTINO, Calif., June 21 /PRNewswire/ — Trend Micro announced today the latest major version of InterScan™ Messaging Security Virtual Appliance (IMSVA), newly built as a unique hybrid SaaS email security solution that integrates in-the-cloud protection and SaaS security services with an on-premise virtual appliance so email threats are stopped closest to their source without compromising email privacy while achieving significant management overhead, network bandwidth and data-center consolidation cost savings.
“With 90 percent of all email being spam, it’s no wonder companies are struggling to keep up with the increasing volume of emails overloading their networks,” said Steve Quane, Chief Product Officer, Trend Micro. “Our next-generation IMSVA unifies the ‘best of both worlds’: As one part SaaS offering, it does all the heavy lifting of blocking spam outside of the enterprise’s network and reducing email volumes up to 90 percent so that less bandwidth, servers and staff are required; as another part on-premise VMware Ready virtual appliance, it allows companies to customize to best meet their enterprise needs while retaining control and privacy over their emails, especially protecting sensitive data from leaving the network.”
IMSVA 8.0 is built as a hybrid offering to optimize the benefits of cloud security and virtual appliances, integrated into one solution. It builds upon Trend Micro’s extensive investment and expertise in SaaS and hosted security, as well as the company’s leadership status within reputation technologies. Since 2005, Trend Micro has been pioneering IP-filtering and IP-reputation technologies.
This hybrid SaaS email security provides up-to-the-minute security powered by the Trend Micro™ Smart Protection Network infrastructure that scans, filters and correlates more than 20 billion emails, Web sites and files every day, and then leverages that data to rapidly identify and respond to emerging threats, and improve the existing response to known threats.
What’s NEW?
- Purpose-built as a hybrid, combining inbound in-the-cloud protection (so email threats are stopped before they hit the network) with on-premise VMware Ready virtual appliance to allow outbound granular content control and customization, and integrated with a unified single management/reporting console.
- Purpose-built to reduce up to 90 percent of email traffic in the cloud so that spam is eliminated before it reaches the network. Customers get maximum, real-time protection against email threats without the burden of scanning a high volume of emails on their systems. No email is stored in the Trend Micro cloud and all quarantines are held locally, enabling customers to maintain control and privacy over their emails.
- Newly added Web Reputation technology scans URLs embedded in emails to determine if a link will lead to a malicious Web site that hides malware. Web reputation, a component of the Smart Protection Network, tracks the credibility of Web domains by examining factors such as a Web site’s age, historical location changes, and indication of suspicious activities discovered through malware behavior analysis.
Supporting quotes
“We chose Trend Micro’s messaging security solutions for their simplicity and efficiency. But with such a tremendous growth in spam, we’ve been considering a hosted email security solution to put on top of what we currently have,” said Michael Draeger, Field Support, IT, Silgan Containers, Inc. “This is why we’re intrigued by Trend Micro’s new and innovative hybrid SaaS email security – the ability to deploy an integrated hybrid solution from one vendor would definitely save us IT administrative time, help us reduce costs and keep spam off our networks.”
“According to Osterman Research, enterprises can save between 55 to 70 percent by moving from a homebrewed to an integrated hybrid email security solution,” said Michael Osterman, president and founder of Osterman Research. “In addition, those organizations that have yet to move to a hosted/hybrid solution can save 30 to 40 percent by moving from a traditional on-premises hardware appliance to an integrated hybrid solution from Trend Micro.”
“Partnering with Trend Micro, a company synonymous with technology excellence and innovation, helps us provide a one-stop shop for business IT solutions,” said Dave Ladley, president of Communications Finance, Inc. “We believe Trend Micro’s latest hybrid SaaS email security solution will provide our customers with an even better, more effective way of protecting their email networks. This exciting new solution brings together the benefits of hosted email with virtual appliance for efficient email security.”
“The single most significant finding of the [Infonetics] survey was simply this: nearly half of respondents, a random sample of large e-mail environments, had pulled together a “do-it-yourself” hybrid on-premise/hosted solution,” said Jeff Wilson, principal analyst, network security, Infonetics Research. “So far, Trend Micro is the only security company that offers this kind of hybrid integration designed to reduce the bulk of unwanted email, while at the same time retaining customization capabilities, control and privacy all in one product.”
Supporting materials
- Commissioned by Trend Micro, Infonetics Research conducted a survey of 150 enterprise email administrators with at least 1,000 users in their email environments and discovered some compelling reasons why the hybrid approach is becoming so widespread. Read the full report here.
- Trend Micro’s Chief Product Officer, Steve Quane, introduces the latest hybrid SaaS email security and explains why Trend Micro is changing the way enterprises are fighting spam. Watch the video here.
- Learn how the hybrid SaaS approach works within Trend Micro InterScan Messaging Virtual Appliance. Watch the product flash demo here.
- Visit IMSVA’s updated product page here.
- Link to media room for screen shots, box shots and press presentations here.
North American Pricing & Availability
IMSVA Hybrid SaaS Email Security is offered with both perpetual and subscription-based pricing, and is currently available as part of the Trend Micro Early Adopter Program throughout Summer 2010. Pricing varies by seat count and decreases with volume. Perpetual licensing prices start at $20.23 per user for 1,000 users.
Trend Micro™ InterScan Messaging Virtual Appliance is part of Trend Micro™ Enterprise Security – a tightly integrated offering of content security products, services and solutions which is powered by the Trend Micro Smart Protection Network™. Trend Micro Enterprise Security delivers maximum protection from emerging threats while minimizing the cost and complexity of security management.
About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the latest threats. Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. Many of these solutions are powered by the Trend Micro™ Smart Protection Network™ infrastructure, a next-generation cloud-client innovation that combines sophisticated cloud-based reputation technology, feedback loops, and the expertise of TrendLabs(SM) researchers to deliver real-time protection from emerging threats. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com.
SOURCE Trend Micro
New York, NY, June 19, 2010 –(PR.com)– The Knowledge Group/The Knowledge Congress Live Webcast Series, the leading producer of regulatory-focused webcasts, has announced today that Solutionary, a managed security services provider, will be a sponsor at the Knowledge Congress’ upcoming webcast entitled “Cyber Threat Intelligence: Natural Evolution of Vulnerability Management.” This 2-hour event is scheduled for August 12, 2010, Thursday, at 12:00 PM – 2:00 PM ET. (For further details of the event and an updated list of panellists, please visit: http://knowledgecongress.org/event_2010_cyber.html)
Event Synopsis:
Cybercrime has evolved from a mere exercise in intellectual one-upmanship among programmers to highly organized and sophisticated global criminal operations whose collective common objectives are as old as crime itself: to steal your company’s money. As a result, cyber-attacks on companies are rising at meteoric rates, and finance executives around the globe are being drafted into the front lines to help combat them.
While you are reading this, thousands of companies world-wide are being robbed by cybercriminals. Is your company one of the victims or will it be one of the victors? Join Combating Cybercrime for Finance Professionals Live webcast and arm yourself with the latest knowledge to stop cyber criminals before they stop you. Advanced registration is recommended as space is limited. Significant discounts apply for early registration.
About Solutionary
Solutionary is an MSSP (Managed Security Services Provider). The company assesses, manages, monitors, and correlates data, turning it into relevant, decision-making information that enables the execution of smart IT security actions to keep their clients safe. Solutionary’s patented technology, systems and process make their clients smarter. Solutionary calls this intelligent security.
For more information about Solutionary please visit: http://www.solutionary.com/
About The Knowledge Group, LLC/The Knowledge Congress Live Webcast Series
The Knowledge Congress is a series of live webcasts produced by The Knowledge Group, LLC, which examine trends, regulatory, and technology changes across a variety of industries. “We bring together the world’s leading authorities and industry participants through informative two-hour webcasts that study the impact of changing regulations and help businesses succeed through proper regulatory compliance.” To contact or to register for an event, please visit: www.knowledgecongress.org.
MyCompanyIn30sec.com … Website Video Intros That Look Like Expensive Commercials
Producer of Super Bowl ads and Cannes Lion winners thinks it’s time that business websites “grab you and pull you in”
CHICAGO, June 9, 2010 — Garry Gassel believes his startup can give B2B/B2C websites that spark that many seem to be lacking. A Website Video Intro from MyCompanyIn30sec.com introduces sites with an emotionally impactful video, using state-of-the-art motion graphics, video/film, and music/audio production … professional quality that rivals a national TV spot, but at a small fraction of the cost.
“The first impression you get from most business websites is like a glorified brochure – a lot of good info to read, maybe some PowerPoint-type animation, but nothing to really excite you,” says Gassel. “Besides high production value, the key is to effectively distill the who-what-why into 30 seconds, which is basically what I’ve been doing for many years.”
He certainly seems to have the credentials; the Super Bowl and Cannes Lion successes are highlights of a 25+ year career as an ad agency producer that includes business-building campaigns for a long list of impressive clients: Anheuser-Busch, McDonald’s, Procter & Gamble, S.C. Johnson, Mars/Wrigley, Bayer, Nabisco, Stouffer’s, Hewlett-Packard, to name a few.
But Gassel says not to let his past high-profile clients scare you; while not quoting specific prices, he says he is well aware of the economies of the Internet, and that an extremely efficient production process keeps these videos affordable for most medium-to-large businesses/corporations … with a very broad-based B2B/B2C appeal; the professions, manufacturing, services, retail … potential across virtually all categories of American business.
Visiting MyCompanyIn30sec.com and seeing their latest work (an independent energy retailer and an aviation law firm), one notices the rather unique way in which these video intros are integrated into each client’s site … the videos initially come on as part of the homepage; when finished playing, they quickly fade off, seamlessly revealing the homepage’s remaining elements.
Gassel adds, “From entertainment sites, we are all aware of video’s unequalled ability to engage; it just makes sense to apply that captivating power, in a sophisticated way, to the business world.”
FlyCast Releases appMobi Open Source HTML5 App Gallery
LANCASTER, Pa., June 9, 2010 — FlyCast today announced a new open source library of demonstration mobile apps that were created with HTML5, CSS3 and JavaScript. As a supplement to Apple’s HTML5 gallery, these demonstrations illustrate how new web technologies can be used to create world-class compelling mobile experiences, obviating the need for Adobe Flash on mobile devices. The gallery can be viewed using iPhone, iPad or iPod touch by navigating to http://appmobi.com/gallery.
Created by FlyCast, appMobi is a cross-platform rapid mobile app development and deployment ecosystem. appMobi offers users the ability to “develop once” using HTML and JavaScript, then deploy to a variety of devices and operating systems, including iPhone, iPad, iPod Touch and Android tablets and phones. Apps created with appMobi are native apps, fully compliant with Apple’s SDK 4.0 terms of service.
Anticipating the upcoming release of Apple’s iOS 4, with its ability to play streaming radio in the background, appMobi also released source code that will allow any radio station to create a branded, multitasking native app that will run on Apple iPad, iPhone (all versions), iPod Touch, and any Android device.
appMobi is a new type of cloud-based “Software as a Service” (SaaS) provider, offering its customers scalable, pay-as-you-go development and deployment tools, Amazon AWS edge-caching servers for hosted application deployment, PhoneGap support, analytics, in-app payments, and advertising. The source code posted today is offered under the MIT open source license.
For more information, visit http://www.appmobi.com.
About FlyCast
FlyCast was among the first to deliver streamed entertainment to the iPhone platform shortly after its inception, and continues to lead the way as a top ten application on multiple smartphone platforms, delivering over 2000 channels of entertainment to millions of users worldwide. FlyCast’s unique delivery architecture has been created to serve the needs of both consumers and content owners. Today’s announcement represents the first public disclosure of FlyCast’s new mobile content development and distribution technology. For more information, visit http://www.flycast.fm.
FlyCast is a registered trademark of FlyCast Inc. The iPhone, iPad, iOS 4 and iPod touch and related marks, images and symbols are the exclusive properties and trademarks of Apple Computer Corp. All other trademarks and trade names are the property of their respective owners.
IRVINE, Calif., June 9, 2010 — Today’s workplace environment reflects the excess that has occurred in the country, which has finally caught up with us.
“Whether it is obesity, taking medications, rampant healthcare costs or failed budgets at the personal, state or federal level – we can no longer ignore our lack of self control,” said J.R. Slosar, a psychologist and author of “The Culture of Excess: How America Lost Self-Control and Why We Need to Redefine Success” (ABC-CLIO: Praeger). “Nor can we ignore the reasons that contribute to it. Financial collapse and the great recession have forced workers to make changes for economic survival and to stay employed. Companies that are rebounding are now faced with a rapidly changing culture that must redefine what ‘success’ is. These cultural forces include the speed of technology, technology coupled with media and the risk-taking that comes with excessive capitalism.”
Understanding these trends and their impact on behavior has profound implications for the workplace.
Slosar explores and discusses these cultural trends and offers recommendations for everyone to develop a focused self-control and utilize good judgment and effective decision-making skills.
Here are some key points of the book that can help offset the fast and uncontrolled pace of today’s workplace.
1. Develop Quantitative Skills.
Many of today’s workers avoid numbers and feel anxious about math. This is reflected even in overall U.S. school scores in math and science. Employers desperately need people with math and quantitative skills. It is paramount for employers to help workers develop quantitative thinking and skills. The development of these skills has a carryover effect: the use of analytic thinking and better decisions. This is because this thought process is slower, more deliberate, and avoids the fast screen media impulsivity that leads to poor decisions.
2. Establish Boundaries and Limits.
Surveys show that one of the most prized workplace issues today is flexibility. Workers constantly want to avoid fixed hours, to work at home, and to have a great deal of flexibility in their schedules. Unfortunately, this contributes to a less structured, more diffuse environment and to less self-control. Employers (like parents) have to set boundaries and limits. A young employee cannot grow and develop without boundaries and limits.
Employers seem to think that productivity increases with flexibility because workers are happier. Slosar points out that the primary culprit in declining self-control, reflected in increased risk-taking and cheating, is the lack of boundaries and limits. He states: “In an era that prized deregulation, we have deregulated our internal mechanisms of self-control.”
3. Develop New Measurements of Success.
Total emphasis today in business is usually on quantity and dollar figures, that is, the proverbial bottom line. It is important for decision makers to develop qualitative measures and show how they relate to workplace improvement.
Today’s new model of success is more refined and qualitative. It results in finding ways to improve efficiency, develop better customer relations, and make things safer, easier, and more efficient at work. If it makes life easier, it will surely be noticed and improve the “bottom line.”
The dramatic changes that have come from The Great Recession demand a new perspective and a new model of success. What is more important is that improvement in the above areas will develop an efficient, healthy and productive workplace.
The Culture of Excess is available on Amazon in hard cover and Kindle. It is also available from the publisher (http://www.ABC-CLIO.com). Discussion and blogs are available at his web page: http://www.cultureofexcess.com
SYDNEY–(BUSINESS WIRE)–iPOWOW!, a developer of market research tools for gathering viewer opinion through online video, will host an interactive demonstration of new technology that collects real-time consumer insight at this year’s CeBIT Australia. The session, part of the WebForward Conference, will be led by iPOWOW! General Manager APAC, Ettienne Fourie.
“How to Read Your Customers Minds With the Latest Digital Technology”
“How to Read Your Customers Minds With the Latest Digital Technology” will give conference attendees a firsthand look at unique audience polling that leverages real-time viewer interaction with online video. They will also experience how this technology is being applied to today’s critical business devices, including mobile phones, tablet PCs and digital signage.
“This is Australia’s premier technology event,” said Fourie. “CeBIT connects information technology experts with top executives from around the globe seeking the most effective and cost-saving tools for developing marketing and communications strategy. We think this session showcases what’s possible when you turn any online video into an interactive experience.” According to a recent comScore report, over 30 billion videos were viewed online in March alone.
CeBIT Australia is the leading business event in the Asia Pacific region for Information and Communications Technology driving business strategy. CeBIT Conferences takes place this week, May 24-26, Sydney Convention & Exhibition Centre, Darling Harbour, Sydney.
The “How to Read Your Customers Minds With the Latest Digital Technology” session will take place on Wednesday, May 26 at 11:35am-12:05pm at the Web Forward Conference. For more information, please visit http://www.cebit.com.au/2010.
How a Security Response Plan Can Help Your Business Expect the Unexpected
by Lesley Fair
Taking steps to protect personal information in your files and on your computer can go a long way toward preventing a security breach. Nevertheless, breaches can happen. That’s why the Federal Trade Commission (FTC) recommends that companies have a plan in place to respond to security incidents before they occur. Putting together a “What if?” action strategy now may help reduce the impact an information breach can have on your business, your employees, and your customers.
Here are some tips from the FTC about customizing your company’s security response plan.
- View from the top. Senior management sets the tone for any organization’s commitment to data security. That’s why drafting, coordinating, and implementing your company’s response plan isn’t a job for a newcomer. Designate a well-respected senior official to head up your response team. Select someone with a reputation for working well with every part of your operation — sales, financial, personnel, information technology, etc. — and give him or her a “hot line” to the head of the company.
- Put a plan in place. Once you’ve put together your response team, have them draft contingency plans for how your business will respond to different kinds of security incidents. Some threats may come out of left field; others — a lost laptop or a hack attack, to name just two — are unfortunate, but foreseeable.
- Trust your gut. Experience sharpens intuition. If your staff suspects a breach, investigate it immediately. Waiting days to convene a committee or “run it up the corporate flagpole” can waste precious time.
- Pull the plug. If you suspect a computer breach, immediately sever the compromised computer’s access to the Internet and to your network. To assess the impact, ask your IT staff to preserve any available network logs, file transfer logs, system logs, and access reports. Investigate if intruders opened files or placed new programs on your computer. Did they release viruses or other malware? By diagnosing the damage and retracing the fraudsters’ steps, you can help your company shore up unanticipated vulnerabilities.
- Making contact. Consider whom to inform in the event of an incident, both inside and outside your company. You may need to notify consumers, law enforcement agencies, customers, credit bureaus, and other businesses that may be affected by the breach. In addition, about 40 states have laws addressing data breaches. Have that information on file before you need it.
For more information, read Protecting Personal Information: A Guide for Business.
Lesley Fair is an attorney in the FTC’s Bureau of Consumer Protection who specializes in business compliance.
by Tiffany George and Pavneet Singh
The expression “red flag” signals “Danger: Be alert to problems ahead.” For millions of consumers every year, identity theft is more than a threat — it’s their reality. The economic, psychological, and emotional harm to victims can be devastating. But businesses often bear the biggest part of the monetary damage from identity theft.
It’s everyone’s responsibility to do what they can to fight identity theft. But businesses and organizations that offer credit or other financial services can be the first to spot the red flags that signal the risk of identity theft, including suspicious activity indicating that identity thieves may be using stolen information like names, Social Security numbers, account numbers, and birth dates to open new accounts or raid existing ones.
Under the Red Flags Rule, which went into effect on January 1, 2008 *, certain businesses and organizations are required to spot and heed the red flags that often can be the telltale signs of identity theft. To comply with the new Red Flags Rule — enforced by the Federal Trade Commission (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) — you may need to develop a written “red flags program” to prevent, detect, and minimize the damage from identity theft.
Are you covered by the Red Flags Rule? If so, have you put into place the new procedures the Rule requires?
Who Must Comply
Although every business or organization with an ongoing relationship with consumers should keep an eye out for the possibility of identity theft, the Red Flags Rule applies only to “financial institutions” and “creditors.” To determine if your business or organization is covered by the Rule and required to develop a written identity theft Program, you’ll need to answer two questions:
- Is your business or organization either a “financial institution” or “creditor,” as those terms are defined in the Rule?
- If so, do you have “covered accounts”?
A “financial institution” is a bank, savings and loan, credit union, or other entity that holds a “transaction account” belonging to a consumer. A “transaction account” is an account that allows the owner to make payments or transfers. Examples include checking accounts, savings accounts that permit automatic transfers, and share draft accounts. Another example would be a brokerage account that allows consumers to write checks.
Your business or organization is a “creditor” if you regularly:
- extend, renew, or continue credit;
- arrange for someone else to extend, renew, or continue credit; or
- are the assignee of a creditor who is involved in the decision to extend, renew, or continue credit.
Under the Rule, “credit” means an arrangement by which you defer payment of debts or accept deferred payments for the purchase of property or services. In other words, payment is made after the product was sold or the service was rendered. Some examples of creditors are finance companies, automobile dealers, mortgage brokers, utilities, and telecommunications companies. Even if you’re a non-profit or government agency, you still may be a creditor if you accept deferred payments for goods or services. However, simply accepting credit cards as a form of payment does not make you a creditor under the Rule.
If you determine you’re a financial institution or a creditor, the next step is to see if you have “covered accounts.” There are two types of covered accounts. One is an account used mostly for personal, family, or household purposes that involves multiple payments or transactions. Examples include credit card accounts, mortgage loans, car loans, margin accounts, cell phone accounts, utility accounts, and checking or savings accounts.
The other is one for which there is a foreseeable risk of identity theft. For example, one type of account that should be considered for coverage because it may be vulnerable to identity theft is a small business or sole proprietorship account. In determining whether you have such an account, consider the risks associated with how the accounts may be opened or accessed — i.e. what type of interaction and documentation is required — as well as your experience with identity theft.
If your business or organization is a financial institution or creditor, but does not have any covered accounts, you don’t need a program. But if you have covered accounts, you must develop a written program to identify and address the red flags that could indicate identity theft.
How To Comply
The Rule doesn’t tell you specifically what your red flags program must look like. Instead, it gives you flexibility to implement a program that best suits your business or organization, as long as it meets the Rule’s requirements.
Your starting point for developing a program is the Guidelines issued with the Red Flags Rule, available at www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf. (The Guidelines are on pages 63773-63774 of the document.) The Guidelines list the issues you must consider in developing and maintaining a program appropriate for your business or organization. You also should draw on your own experience and knowledge about identity theft risks in developing your program.
There are four basic steps to designing a program to comply with the Rule:
- Identify relevant red flags;
- Detect red flags;
- Prevent and mitigate identity theft; and
- Update your program periodically.
In addition, your program must spell out how it will be administered. The program should be appropriate to the size and complexity of your company or organization, as well as the nature of your operations.
Identify Relevant Red Flags
Under the Rule, financial institutions and creditors with covered accounts must develop a written program to identify the warning signs of identity theft.
The Guidelines describe the following categories of warning signs — red flags — that your program must identify and address:
- alerts, notifications, or warnings from a consumer reporting agency;
- suspicious documents;
- suspicious personally identifying information;
- suspicious activity relating to a covered account; or
- notices from customers, victims of identity theft, law enforcement authorities, or other entities about possible identity theft in connection with covered accounts.
When identifying red flags, consider the nature of your business and the type of identity theft to which you might be vulnerable.
Detect Red Flags
Once you’ve identified the red flags that are relevant to your organization or business, you must establish policies and procedures to detect them in your day-to-day operations.
For example, you may spot red flags when you verify a consumer’s identity, authenticate customers, monitor transactions, or verify requests for changes of address. Some red flags may seem harmless on their own, but can signal identity theft when paired with other events, say, a change of address coupled with the use of an address associated with fraudulent accounts.
Prevent and Mitigate Identity Theft
Your program must include appropriate responses to your red flags to prevent and mitigate identity theft. These responses could include monitoring an account, closing an account, not opening a new account, contacting the consumer when you spot a red flag, or a combination. Sometimes you may determine that no response is necessary. In other cases, certain events — such as a recent data breach, a phishing fraud that targeted your business or organization, or another suspicious activity — may raise the risk of identity theft and require specific preventive actions.
Update Your Program Periodically
Because identity theft threats change, your program must describe how you will update it to ensure that you are considering new risks and trends.
Administering Your Program
No matter how good your program looks on paper, the true test is how it works. Your program must describe how it will be administered, including how you will get the approval of your management, maintain the program, and keep it current.
According to the Rule, your program must be approved by your Board of Directors or, if your business or organization doesn’t have a Board, by a senior employee. The Board or designated senior employee also must approve any material changes to the program. Your program should include staff training as appropriate, and provide a way for you to monitor the work of your service providers. The keys are to maintain oversight of the program, keep it relevant and current, and ensure that all necessary members of your staff — from the boardroom to the mail room — are on board. A program that stays in a filing cabinet isn’t a good program.
Penalties for Noncompliance
Although there are no criminal penalties for failing to comply with the Red Flags Rule, financial institutions or creditors that violate the Rule may be subject to civil monetary penalties. But there’s an even more important reason for compliance: It’s just plain good business. It assures your customers that you are doing your part to fight identity theft.
Have questions about how health care providers can comply with the Rule? Email RedFlags@ftc.gov.
* On October 22, 2008, the Federal Trade Commission issued an Enforcement Policy statement that delays enforcement of the Red Flags Rule until May 1, 2009 (http://www.ftc.gov/opa/2008/10/redflags.shtm). Although the Rule is in effect, the FTC will wait until May 2009 to enforce it. This does not affect enforcement of the address discrepancy and credit card issuer rules. Nor does it affect compliance for entities not under the jurisdiction of the Commission.
Tiffany George and Pavneet Singh are attorneys in the Federal Trade Commission’s Division of Privacy and Identity Protection.

