Security and Privacy of Consumer Financial Information
Business Challenges Facing Financial Institutions
Financial institutions collect and store very sensitive financial information
Targets of many attacks, for example phishing
Different Types of Financial Institutions
Banks
Provides
Finance companies
Insurance companies
Savings and loan associations
Investment companies
Credit unions
Laws
The Bank Secrecy Act of 1970
The Gramm-Leach-Bliley Act
Fair Credit Reporting Act of 1970
Bank Holding Company Act of 1956
Consumer Financial Information
Address and telephone numbers
History of a person, for loans
Driver's license numbers
Spouse's employment and income history
Social security numbers
Name
Who Regulates Financial Institutions
National Credit Union Administration
Office of the Comptroller of the Currency
Federal Deposit Insurance Corporation
Federal Reserve System
Federal Financial Institutions Examination Council (FFIEC)
Purpose
Conduct training for federal bank examiners
Make recommendations regarding bank supervision matters
Develop a uniform reporting system for federal financial institutions
Encourage the adoption of uniform principles and standards by federal and state banks
Establish principles and standards for the examination of federal financial institutions
Member agencies
Information sharing
Reports
Examiner education
Supervision
Consumer compliance
Surveillance systems
The Gramm-Leach-Bliley Act
Privacy rule
A financial institution may not share NPI with non-affiliated third parties unless the institution gives notice to the consumer
Safeguards rule
Protect against threats to the security or integrity of customer information
Protect against unauthorized access to or use of customer information that could result in harm to a customer
Protect the security and confidentiality of customer information
Main requirements
Requires financial institutions to protect nonpublic financial information
Pretexting rule
Pretexting is trying to gain access to customer information without proper authority to do so
This rule was designed to combat pretexting
Scope
Applies to all financial institutions
Oversight
The oversight of this act depends on the type of financial institution under review
Purpose
Defines a financial institution as any institution that engages in financial activities
Federal Trade Commission Red Flags Rule
Scope
Applies to financial institutions and creditors that have covered accounts
Main requirements
Develop a written identity theft protection program
Purpose
To fight identity theft
Oversight
FDIC
OCC
Federal Reserve System
NCUA
Payment Card Industry Standards
Scope
All merchants who accept credit cards
Main requirements
Preventative, detective and corrective controls to secure credit cards
Purpose
To standardize requirements, because each card company had its own
Oversight
The PCI Security Standards Council
Examples
FTC privacy and safeguard rule enforcement
Credit card security example 1: Target
Credit card security example 2: TJX