Very informative, Ron. It makes it difficult for consumers/customers to know the various relationships between a company they do business with, and its 3rd party vendors. How are customers to be sure that it is safe and secure to do business with a company? I don't know how to answer that; do you have some advice?! (Recently, I've been purchasing locally with cash and check. I don't know how long this will last...) thanks, ---- rich
Good question. As far as cash and checks go, I was the victim of forged checks this past December. They acquired my account number, forged some checks, went on a spending spree while draining my checking account. I was covered by the bank but it certainly was a big surprise. I suggest you check your credit and banking accounts daily for anomalies. Forgery is an easy way to rob people. Your account number is on every check you write. I know for a fact that a lot of banks use this third party company. http://www.jackhenrybanking.com/online-and-mobile/pages/netteller-online-banking.aspx Not a lot anyone can do except hope the third party company is security aware as suggested in the article.
It's a failure of companies to properly vet third party vendors. Or in some cases, being cheap/lazy and outsourcing something that shouldn't be outsourced. If you outsource there should be standards/practices, with regulations on this. We see people hacked everyday by outsourced IT tech for example. No proper vetting, no proper oversight.. Just 'hire that company in India, it's cheaper!'.. Reckless.. These companies should face massive fines. Almost everything is compromised right now by the way. People will find out soon enough just how compromised. When it 'hits the fan' that's when changes will need to be made on a wide scale. Govt. weakening of encryption, and other security will only harm ALL OF US, we should be going the other way - strengthening security/encryption/privacy. There will be far reaching, negative consequences of our govt's shortsightedness.
I agree. An individual usually has no control over what the 3rd-party companies/vendors do. They can promise to do their best but still fail. Personally speaking, I can't possibly keep track of each and every company that I deal with to ensure that they keep up with security/privacy standards. If I need the service, I have to just take the risk. It's like when I choose to take a cab or a bus...I am practically entrusting my life to the driver.
It's really disgraceful that when a company was compromised they say it was 3rd party and not themselves who had the problem. They should be responsible for all 3rd parties they confided and 3rd party shouldn't be used as excuse. What they are responsible is whether their customer data are damaged or not, regardless of if it is 3rd party or themselves.