The Foreign Corrupt Practices Act (FCPA) has been seemingly more newsworthy than usual recently (even impacting Hollywood elite), with somewhat conflicting accounts of the US cracking down on bribery both here and abroad, and the rationale for the US to accept some level of bribery for the sake of broader national interests.
The holiday season gave media and industry one more opportunity to discuss Mattel’s massive product recalls this year, and admittedly, I still find myself interested in the story. In this case, it was the World Business Council for Sustainable Development’s article calling out Mattel’s “Epiphany at Christmas”.
The revelation: “If it's got your company's name on it, it's your problem.”
With CardSpace and Higgins still in a nascent, almost non-existent state of market adoption, you may wonder what authentication features you should be looking for when shopping online. Usernames and passwords are a thing of the past: you can safely assume that the computer you use to log in has a keylogger or trojan capturing your keystrokes, and with them your username and password.
Savvy customers are increasingly turning towards online retailers and financial institutions which provide at least some form of multi-factor authentication to protect against password theft. The following list gives a compass to consumers and vendors to navigate the misty waters of online transactions.
Smart cards / USB tokens (very costly, high level of security, great user inconvenience)
Hardware-based solution that contains applications and PKI certificates used to authenticate to a site. These cards can also include a magstripe for physical access management and RFID proximity sensors.
Great article this morning in the Wall Street Journal about Goldman Sachs’ performance during the credit meltdown. The company has expectations of record income this year, while competitors are faltering left and right.
There are three important issues in this story — and in the sub-prime crisis in general — that all good risk management professionals know, and should keep in mind as often as possible.
McAfee released their “Virtual Criminology Report” earlier this year and warned that there is a growing threat to national security, as cyber espionage becomes increasingly sophisticated, moving from simple network probes to well-funded, well-organized, and possibly government-backed operations. The intent is not only financial gain, but also political or competitive gain.
Some other interesting news items have appeared in the recent past.
The biggest privacy news lately has been about Facebook's Beacon program. The program was sharing information about purchases made on third-party partner sites with Facebook, even if the user was not signed into Facebook or had deactivated their account. Opting out of the program was a challenge. Facebook, after several weeks, has acknowledged their mistake (see above article). As more companies try new forays into online marketing, I expect to see more of these privacy-insensitive developments. How can you prevent your organization from making such a blunder? Privacy impact assessments. All new business projects and plans that use or collect data in a new way should be reviewed with an eye for privacy. Ten out of 30 enterprises that I interviewed for research purposes say that they do privacy impact assessments for all projects, but that still leaves 20 out of 30 who aren't monitoring their new endeavors. For an idea of what they involve, see how the US government has set up a privacy impact assessment program.
On 4 October 2007, The National Retail Federation (NRF) Chief Information Officer and Senior Vice President, David Hogan, wrote a letter to the Payment Card Industry (PCI) Standards Council requesting that the card industry stop requiring merchants to store complete card numbers. Currently, some merchants are required to keep credit card numbers for up to 18 months to satisfy card retrieval and dispute requests. The letter said, “Instead of making the industry jump through hoops to create an impenetrable fortress, retailers want to eliminate the incentive for hackers to break into their systems in the first place.” NRF proposes that credit card companies and their banks should provide merchants with the option of keeping nothing more than the authorization code provided at the time of sale and a truncated receipt, rather than requiring merchants to keep the data for an extended period of time.