by Katrina Greenwood | Jul 25, 2016 | Uncategorised
The Problem Since Microsoft’s release of Windows 10, in July 2015, excessive amounts of personal and usage data have been harboured from its users. Despite customers turning off all settings that may allow Microsoft to send data to their server in the US, user still have no control over this. Windows 10 harbours this information through their Cortana and Bing products. Windows 10 manages to do this by sending any ‘home searches’, ‘live tile’ searches as well as Internet inquiries via an unencrypted http data channel ‘threshold.appcache’. This is worrying as customers are not asked to consent to this. They aren’t even able to turn this feature off. There is also the issue of the unencrypted channel that leaves customers open to malicious actors. CNIL and Microsoft Since the French Data Protection Authority (CNIL) became aware of this seven online observations were carried out in April and June 2016. They have since questioned Microsoft Corporation on this. Microsoft interestingly said nothing to defend or deny the excessive data collection of Windows 10. They responded saying they were happy to comply with the CNIL and “understand the agency’s concerns fully and to work toward solutions that it will find acceptable.” Microsoft also address the reason behind the data being send back to the company’s US servers. They stated it was under the previously applicable ‘Safe Harbour Agreement’. Knowing now these regulations are no longer required they have said they will work towards the new requirements of the ‘Privacy Shield’ Despite these statements, the Chair of the Commission Nationale de l’Informatique et des Libertés (CNIL) issued a formal notice to Microsoft on...
by Bob | Feb 17, 2016 | Views
Here at Compliance3 we major on Contact Centres, and compliance. Our founders set up some of Britain’s first contact centres, or ‘call centres’ as they were called back in the day. We now work closely with major contact centres to help them improve and manage their compliance to regulations such as PCI DSS and the new EU General Data Protection Regulation (GDPR) that will replace Britain’s Data Protection Act. We are also, as you may have noticed, passionate about data security and we were recently warned about a disturbing new means of electronic pick-pocketing that exploits contactless or NFC (Near Field Communication) technology. I love technology – call me ‘Inspector Gadget’ – and I confess there’s something slightly cool and ‘James Bond’ about paying one’s bar bill with a swipe of an Apple Watch or iPhone – that is assuming your bar bill is under thirty quid. But a policeman friend recently sent me this photo of an electronic pick-pocket, purportedly taken on a London bus. The theft is simple, the thief simply has to register a ‘purchase’ on the NFC reader with a value of less than thirty pounds, then swipe the NFC reader past a trouser pocket that looks to have a wallet, and if there’s a contactless card in that wallet – kerching! Portable NFC readers (and copiers) are available on a well known auction site for under fifty pounds. Given that sometimes it’s impossible to avoid standing close to people, particularly on public transport, men might want to consider putting their payment cards in an inside jacket pocket, or investing in a wallet that offers NFC or RFID...
by Bob | Nov 12, 2015 | Uncategorised
London – 11th November 2015 Yesterday evening Compliance3 hosted their first seminar ‘The Future of Customer Data Security & Compliance’, kindly hosted by Shepherd & Webberburn in their prestigious offices overlooking St Paul’s Cathedral in London. Around eighty FinTech and Data Security professionals attended and enjoyed beer and pizza. Those present heard a fascinating mix of views and predictions from Ian Dowson from Willam Garrity Associates, Dr Nasir Hussain of Strategy Foresight Partners, David Nordell of New Global Markets, Iain Cameron – formerly of the Department of Trade and Industry, and John Greenwood, one of the founders of Compliance3. While the recent high profile data breach at Talk Talk was a hot topic of conversation, the presenters spoke at length about global data security challenges, and the real threat of cyber warfare. The event was filmed, and the videos can be viewed here....
by Bob | Oct 22, 2015 | Uncategorised
Experts Compliance3 highlight the technologies and processes continuously overlooked by contact centres which ensure card payment security By SLS Marketing – 22 Oct 15 London, 15th January 2015: Compliance3, a company that helps contact centres achieve and maintain PCI DSS compliance, has highlighted the technologies and processes contact centres should implement in 2015 to reduce the increasing risk of breaches, reputational damage and revenue loss. Ensuring card data is not ‘captured’: allowing card data to enter the business environment when exchanging data with trusting customers for payments, renders the merchant liable to extensive, expensive PCI DSS compliance obligations. Ideally, card data needn’t enter the business environment. Legacy recordings: using pause/ resume technologies to pause call recordings at the point of payment will allow card details to be provided to the advisor by the customer but they should prevent their storage, however many of these technologies are dependent on the advisor and are notoriously unreliable, meaning that many merchants may be storing card data unnecessarily. Implementing payment technologies such as DTMF or IVR: DTMF(Dual Tone Multi Frequency) uses the frequencies from handset keypad tones to determine which numbers have been entered, and IVR (Interactive Voice Response) is a voice-response technology that achieves the same purpose. Both solutions eradicate the risk of allowing the agent to capture card details. Applying the full PCI DSS programme: version 3.0 became mandatory from January 2015 and enables a business to be fully compliant with all card scheme requirements. Contact centres from small, niche operations to those representing major high street brands, despite a steep increase in “card not present” fraud, still need to embrace the...