THIRD PARTY RISKS and THREATS - fundamentals
last updated 2011 Jan 18

This page is used in the following courses taught by Prof. Richardson: BIT 801, MGD 415, MGT C11
 
LEARNING OBJECTIVES
  • understand the role of Third Parties in validation, verification and privacy policies
  • identify the role of the government in Third-Party Sharing / Selling of Data
  • appreciate the controversial issues in Web Linking re: 3rd parties
  • vulnerability to Third-Party supplier of services

E-commerce and the role of Third Parties
Chpt 4, page 125
TRUSTe is a nonprofit organization that issues a seal to companies that comply with its rules of disclosure and informed consent.

http://www.truste.com/ TRUSTe is an independent, non-profit initiative whose mission is to build users' trust and confidence in the Internet by promoting the principles of disclosure and informed consent.

"Web sites displaying the TRUSTe Privacy Seal are committed to abiding by a privacy policy that gives users notice, choice, access, security, and redress with regard to their personal information."

One of the critical areas that TRUSTe focuses on in its public relations is educating people about privacy issues. In fact, on their website they say "Education is the number one priority in privacy protection."
WTGR
Under the heading of education, TRUSTe has a section titled "TRUSTe's Privacy Protection Guidelines" (go to www.truste.com/education/protection_guidelines.html). It has 6 points:
1. Read Privacy Statements.
2. Seal Programs.
3. Credit cards.
4. Security.
5. Common sense.
6. Protect children.
Third-Party suppliers CASE:
FaceBook

Jan 2011
UTM student Nikhita R. in MGD415, in the 3rd week of January 2011, emailed to say:

I was just going through third party risks and I spotted a link on privacy issues for 2011 with regard to Facebook.

The website is: http://www.facebook.com/note.php?note_id=468265679423
author is facebook.com/proofpoint

It has a set of 10 points for Facebook's privacy issues. This deals with employee location information. This is easily available with the latest iPhone's Check in. Employee locations can be accessed easily and pose a threat to employer information. Exposure of data on social networks is much higher than ever as a quarter of the time spent on the internet is spent networking. With the new Facebook email a greater threat is posed to the corporate email system. These are namely just two or three but there are 10 different types posted on this website.

I thought this was a relatively new concept with Facebook and its privacy issues. Since we are anyways dealing with privacy issues under third party risks I thought this could be a relevant issue to share with you.

Third-Party suppliers CASE:
FaceBook

Under the heading "Proofpoint's predictions for the top 10 privacy issues in 2011:"
Some of the interesting points made by facebook.com/proofpoint are:

"1. The privacy and confidentiality of location-based information will become a major concern for both consumers and corporations. With the rise in mobile GPS information, companies will have to protect both personally identifiable information (PII) of employees, customers and partners, and also create new policies for handling location-based information. Not only will real-time information about location be a vulnerability, but companies will have access to information about where people (or their devices) spend much of their time."

"5. Blended threats will increase. While email is still the number one threat vector for personal information loss, threats from newer communications channels is increasing, especially in the form of blended threats where the target is first attacked through email, then directed to Web or social media."

Third-Party suppliers
UTM student Nikhita R. in MGD415 in 3rd week of January 2011
WTGR replies
Thanks Nikhita, as more and more people access the web through mobile devices, and as GPS technology is used in more and more applications, there will be an increasing number of situations where people are identified "geographically" as well as by addy and IP. This situation can be advantageous for marketing people because they can be more precise in advertising based on "where" potential customers are, but, like anything, the technology can have a security consequence that may put people at risk, or, at the least, compromise privacy issues.

And, I may add, as a fan of BlackBerry, I am interested to know how the company's products and services will be able to attract more customers away from iPhone because R.I.M. processes all their emails encrypted through R.I.M. servers, whereas iPhone emails are just open emails on the internet.

Third-Party suppliers CASE:
Canadian bank vulnerable to Third-Party supplier of services

June 2006
CIBC announced a rebate for thousands of customers who bought products available through their VISA card promo material.

Tara Perkins of the Toronto Star wrote
"CIBC spokesman Rob McLeod said the bank had arrangements with third-party companies that would offer merchandise to CIBC customers via inserts into Visa statements. The third-party customers would source the merchandise, developing pricing and produce the inserts, he said."

"Canadians who bought binoculars or blood pressure monitors after receiving brochures for the products in their CIBC Visa statements will be issued refunds, the Competition Bureau has announced... The bureau launched an investigation after receiving a complaint from a CIBC customer."

"...investigation found that two [Third-Party] companies responsible for the [CIBC VISA] sales brochures deceptively overstated the products' original prices to make the sale price look more attractive...A New York firm, Media Syndication Global, and a Paris firm, Havas SA, have agreed to issue partial refunds to purchasers of the products."

Third-Party suppliers
Canadian bank vulnerable to Third-Party supplier of services

KEY POINTS
Basically, what happened was a Third-Party firm in the U.S. was contracted by CIBC to send out stuff to CIBC VISA card customers. The Third-Party firm took the opportunity to solicit VISA customers to buy some items (one was a blood pressure monitor) by saying it was really really cheap and that it was a special low price for VISA customers.

In reality, the price offered was nothing special - nevertheless a couple of thousand people sent in their money for these monitors.

CIBC then got investigated when someone complained that the price of the monitors was not discounted the way it had been advertised, and the U.S. company is going to have to fork out a lot of money in rebates.
WTGR

KEY POINTS
The competitive environment within the credit card industry is so intense that card issuing companies like CIBC must be very nervous about a situation where a Third-Party agency causes negative feelings among large numbers of customers.

The concern would be that these customers switch to an RBC VISA or even a Mastercard or some of the U.S. products such as MBNA.

At the time this story broke (2nd week of June 2006) CIBC did NOT have any statements in the News Release section of their website apologizing to customers about this problem. It remains to be seen whether they can "get away with it" and keep most of these customers.

Third-Party Sharing / Selling of Data
Electronic Commerce: Security, Risk Management, and Control, by Greenstein
Chpt 5, p. 156

In Canada, our federal government has dealt with the consequences of Third-Party Sharing / Selling of Data by enacting Bill C6.

We have a unit on Bill C6 in the context of Privacy, go to
 http://www.witiger.com/ecommerce/privacyissues.htm

CIBC logo freely available on their site at http://www.cibc.com/ca/press-centre/logos-images.html