[ISN] GSA assessing charge card contractors’security policies

InfoSec News isn at c4i.org
Wed Mar 9 07:02:52 EST 2005 

http://www.gcn.com/vol1_no1/daily-updates/35251-1.html

By Jason Miller 
GCN Staff
03/08/05 

Under pressure from lawmakers to ensure federal charge card data is 
secure, the General Services Administration will review the security 
policies of the four other SmartPay contractors after Bank of America 
revealed late last month that it lost the records of 1.2 million 
federal employees. 

In a response to questions from Sen. Susan Collins, chairwoman of the 
Homeland Security and Governmental Affairs Committee, GSA 
administrator Stephen Perry said in a letter that the agency will 
ensure that Bank One of Wilmington, Del., Citibank of New York, Mellon 
Bank of Pittsburgh and US Bank of Minneapolis will "provide adequate 
protection for personal information of federal employees." 

Collins, a Maine Republican, wrote a letter to GSA and Bank of America 
last week asking how both organizations would ensure federal data is 
better protected [See GCN story] [1]. 

GSA and the Defense Department also will conduct a joint risk 
assessment to review Bank of America security procedures, Perry said. 
Bank of America lost more than 900,000 Defense employees' information, 
DOD officials said. 

GSA would not offer much detail on how they are conducting the review 
of SmartPay vendors or the joint risk assessment. 

"GSA is taking all appropriate steps to ensure that SmartPay 
contractors maintain security policies consistent with current 
industry standards," said MaryAlice Johnson, an agency spokeswoman. 
"We expect these activities to continue in the coming weeks."

Johnson added that GSA still is developing the timetable to conduct 
the evaluations. 

Bank of America also told GSA it has changed its method of handling 
SmartPay system back-up operations. Bank spokeswoman Alexandra Trower 
said the company does not comment on those procedures for security 
reasons. 

"We are continually improving our processes and procedures for 
handling our customer's information," she said. 

Bank of America also provided GSA with a list of names of the affected 
cardholders and is sending out a second letter to cardholders 
explaining how to obtain a free credit report and fraud alert. 

[1] http://www.gcn.com/vol1_no1/daily-updates/35170-1.html

More information about the ISN mailing list