14
Ensure your organization is ready – when every second counts. Data Breach Services CUSTOMER HANDBOOK

Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

  • Upload
    others

  • View
    12

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Ensure your organization is ready – when every second counts.

Data Breach Services CUSTOMER HANDBOOK

Page 2: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

That’s the goal...Contents

B

© 2017 Trans Union of Canada, Inc. All Rights Reserved.

No part of this publication may be reproduced or distributed in any form or by any means, electronic or otherwise, now known or hereafter developed, including, but not limited to, the Internet, without the explicit prior written consent from Trans Union of Canada, Inc.

Requests for permission to reproduce or distribute any part of, or all of, this publication should be mailed to:

Law DepartmentTransUnion3115 Harvester Road, Suite 201Burlington, ON L7N3N8

The “T” logo, TransUnion, and other trademarks, service marks, and logos (the “Trademarks”) used in this publication are registered or unregistered Trademarks of Trans Union of Canada, Inc., or their respective owners. Trademarks may not be used for any purpose whatsoever without the express written permission of the Trademark owner.

transunion.ca

Product overview 5

Credit monitoring 7

Implementation 8

Online credit monitoring 9

Product walk-through 11

Frequently asked questions 17

Contact information 19

Appendix A: Online new user order flow 20

Appendix B: Landing page 21

Fraud compromise response service company information sheet 22

File Transfer Request Form 27

Customer Security

Page 3: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer HandbookData Breach Services | Customer Handbook

4 5

Trusted source for creditWe provide credit information services to 500 million customers worldwide.

500 MILLION

Page 4: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer Handbook

From January 2014 to December 2016, it is estimated that Canadians lost over $290 million to fraudsters.1

1 Source: http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/04201.html

290 MILLION

6

Fraud is a crime that threatens every Canadian, regardless of their education, age or income. It’s important to be proactive and not wait until a breach happens to consider consumer impact. Putting an actionable program in place can preserve your business’ reputation, as well as prevent the loss of customers. The ability to notify and assist impacted individuals and get back to business as usual could make the difference be-tween solid recovery and grinding to a halt.

Credit Monitoring

7

Online

As a Data Breach Services customer, you have the option of choosing from one of two online packages available through either a Proactive or Response program.

These packages feature different levels of credit monitoring to accommodate your needs.

Data Breach Services

Options include:

• One year of unlimited credit monitoring including the following features:

→ Online access to the consumer’s

TransUnion credit report, updated daily

→ Online access to the consumer’s TransUnion Risk score, with analysis, updated daily

→ TransUnion credit monitoring with email alerts notifying when key changes occur on a consumer’s credit file

→ Unlimited access to credit management and identity theft prevention resources located in the online education centre

• One time report and score with 12

months of TransUnion credit monitoring service, with email alerts notifying when key changes occur on a consumer’s credit file

• Place fraud warnings on the file, which notifies a lender that the consumer data may have been compromised and to take appropriate action

• Place the affected consumer’s social insurance number into TransUnion’s High Risk Fraud Alert database, which notifies a lender that the consumer data may have been compromised and to take appropriate action

h

Page 5: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

5With the proactive online credit monitoring package, you’ll see advantages through quicker turnaround times on service delivery. Specifically, you’ll receive codes promptly after notifying TransUnion of a breach event, plus the contracts and letters are already in place for rapid deployment. In addition, we can supply a monthly stock of codes to distribute in cases of small, one-off privacy events.

The proactive online credit monitoring program requires a minimum one-year commitment with an annual service ready-fee. You will be billed monthly for all services ordered.

With the response online credit monitoring package, you will receive codes promptly after the letter agreement is signed.

The response online credit monitoring program requires you commit to a minimum fee for any single breach. You will be billed one-time or monthly, depending on the service selected.

Proactive program description Response program description

PROACTIVE PROGRAM RESPONSE PROGRAM

ENTER CODE

XXXXXX

Data Breach Services | Customer Handbook

With these data breach product options, you’ll be able to respond to the unthinkable quickly, efficiently and effectively.

IMPLEMENTATION

8 9

Credit Monitoring

Online implementation

Page 6: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer HandbookData Breach Services | Customer Handbook

1010

For a better understanding of the outlined online features, please refer to the following service descriptions and images.

PRODUCT WALK-THROUGH

11

h)

Page 7: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook

Credit Monitoring

Welcome to your Credit Monitoring Dashboard.From the Welcome page, consumers can quickly navigate to view their credit reports,credit scores, credit alerts and more.

12

Credit Monitoring

TransUnion Credit ReportThis sample snapshot of a consumer’s credit profile includes address, accounts, public record, employment, inquiries, and creditor contact information. The report can also be delivered with a credit score and comprehensive analysis that details the consumer’s credit standing.

13

Page 8: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook

Credit ScoreThe score includes a ranking as compared to the national population – plus a detailedexplanation of what the credit score means.

Credit Monitoring

14

Credit Monitoring

Daily credit monitoringConsumers receive email notifications prompting them to login to their secure membership page and review the details of their alert. Credit alerts are triggered by critical credit report changes, including: fraud alerts, address changes, employer changes, new inquiries, potentially negative information (for example, late payments, new collections account), new accounts, and public records.

15

Page 9: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer HandbookData Breach Services | Customer Handbook

Credit Monitoring

Common program requirementsThe following are program requirements that pertain to all Proactive and Response online credit monitoring packages:

• The online credit monitoring program is offered only for the purpose of supporting security breaches; customers may not use the online packages for promotional or marketing purposes.

• A non-disclosure agreement must be signed by the customer, along with a letter agreement outlining the services selected.

• A copy of the affected consumer notification letter must be supplied to TransUnion for review and approval. Sample letter templates are provided at the back of this handbook for reference to help you formulate your response.

• Access code: (Activation code)

• Cannot be sold or shared with another company for distribution.

• Code is active for 90 days, or such other time period as the parties may agree; consumers will be unable to redeem services after this time period.

• Customer is responsible for communication of the code and all fulfillment information to their consumers.

• Code(s) will be released only to an authorized individual listed on the customer agreement.

• TransUnion assumes no risk of any misuse of the access code(s) after its delivery to the Data Breach Services customer.

• In the event that selected service requires TransUnion to obtain a list of affected consumers to action events, an FTP folder will be created and details shared with the customer for loading a file electronically

16

FREQUENTLY ASKED QUESTIONS

K17

Page 10: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer HandbookData Breach Services | Customer Handbook

Q: If the consumer has a “fraud alert” put on his or her file, how does the consumer request online credit monitoring?

A: The consumer may be required to call the TransUnion customer service team during the identity verification process so the consumer can be authenticated.

Q: Will the consumer need to input a credit card number or any other billing information to receive online credit monitoring?

A: No, the consumer will not be asked for a credit card. In addition, this service is not automatically renewed.

Q: How often is a customer’s credit report monitored for suspicious activity?

A: A customer’s credit report is continually monitored and updates are provided daily for critical changes.

18

CONTACT INFORMATION

Primary sales contact (prior to signed contract)

Implementation & Data Breach Specialists

Julie MannellaMajor Account ExecutiveConsumer Solutions(289) [email protected]

Steve MackayAccount ExecutiveConsumer Solutions(905)[email protected]

Learn MoreTo learn more about TrandsUnion’s Data Breach Services visit: www.transunion.ca/solution/data-breach-services or call us at 1-855-488-4636.

19

o

Page 11: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook

Appendix A:

1. Navigate to transunion.ca/GCredemption and enter your 12-letter Activation Code (that was provided in your notification), into the designated field. Click on the “Click Here” button to continue.

2. Step 1 of 3, “Create Your Account”. Fill in the requested information and then click on the “Next” button to continue.

3. Step 2 of 3, “Provide Permission”. Select the “I Agree” radio button and then click on the “I Agree” button to continue.

4. Step 3 of 3, “Identity Verification”. A series of questions will be asked to ensure you’re really you. Answer the question by clicking on the appropriate box(es) and then click on the “Next” button to continue.

5. Upon successful completion of the three steps, you’ll be brought to the “Welcome” page where you can access all of the credit monitoring benefits provided to you.

Online New-User Order Flow

20

Appendix B:

My TransUnion Monitoring: transunion.ca/GCredemption

Landing Page

21

Page 12: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer HandbookData Breach Services | Customer Handbook

Fraud compromise response service company information sheetPlease complete and return this document with the TransUnion Mutual Non-Disclosure Form via email: [email protected].

Nature of Compromise (check all that apply)

Loss/Theft of Computer/Laptop

Computer Breach

Internal Collusion

Mail Fraud/Theft

Corporate Information

Company legal name ____________________________________________________________________________________________________________________________________

Doing business as ________________________________________________________________________________________________________________________________________

Physical address __________________________________________________________________________________________________________________________________________

Billing address _____________________________________________________________________________________________________________________________________________ (if different than physical addresss)

Main phone number ___________________________________________________________Main Fax Number ________________________________________________

Website address __________________________________________________________________________________________________________________________________________

Contact Details

Contact ____________________________________________________________________________Title __________________________________________________________________

Contact phone number _____________________________________________________Contact email address _______________________________________

Nature of Business ____________________________________________________________Date established ________________________________________________

CHECK ONE:

Public Organization Private Organization

Business license or articles of incorporation # _______________________________________________________________________________________________

Authorization By signature below, I (we) certify that all information provided to TransUnion whether on this form or any other forms, as well as any documents submitted by the Applicant, is complete and accurate.

Authorized Signature ___________________________________________________________________________________________________________________________________

Name __________________________________________________________________________________________________________________________________________________________

Date (yyyy/mm/dd) ______________________________________________________________________________________________________________________________________

Authorized Signature ___________________________________________________________________________________________________________________________________

Name __________________________________________________________________________________________________________________________________________________________

Date (yyyy/mm/dd) ______________________________________________________________________________________________________________________________________

23

Estimated Number of Victims _______________________________________________________________________________________________________________________

Social Insurance Number impacted _______________________________________________________________________________________________________________

Offer of assistance extended to impacted individual? Yes No

If you responded yes to above, please check all follow-up action you have taken that may apply:

Communicated the situation to your consumers/employees verbally

Communicated the situation to your consumers/employees in writing

Asked your consumers/employees to write into TransUnion

Provided your consumers/employees the phone number to contact TransUnion Victims of Fraud Services

Notified Equifax of the incident

Alerted/notified the press

Has this incident been reported to the police? Yes No

Police Report # _______________________________________________________Officer/Division ___________________________________________________________

Please list any police investigation details: _____________________________________________________________________________________________________

___________________________________________________________________________________________________________________________________________________________________

___________________________________________________________________________________________________________________________________________________________________

___________________________________________________________________________________________________________________________________________________________________

Page 13: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook

[Date]

[Client Name][Client Address][City, Province Postal Code]

Dear [Client Name]:

At [insert company name here], we value our relationships and work hard to earn your confidence. Therefore, we promptly notify you and take immediate steps to correct any situation that may affect your relationship with [insert company name here].

On [insert date here], an incident resulted in a compromise of your personal information. [insert explanation/details of situation here].

We apologize for this incident, but want to assure you that we have taken steps to help protect you.

We recognize that you may have questions about this incident. First, we believe there is little chance that your information will be misused as [explain reason]. Also, we have contacted and requested the assistance of Trans Union of Canada, Inc. (“Trans Union”), one of Canada’s leading Credit Reporting Agencies.

Through TransUnion, we have arranged for a one-year subscription to an electronic credit monitoring service, at no cost to you. This credit monitoring service will notify you by email of any new credit related activity made on your credit history. Should an alert be received to your email, you will be able to review the information by logging on to the website.

To enroll, use your Internet browser to access the TransUnion website at:

English: www.transunion.ca/GCredemption

French: www.transunion.ca/GCredemption-fr

Enter the following personalized gift certificate code:

xxxx-xxxx-xxxx-xxx.

Note: Website addresses and gift certificate codes are case sensitive and must be entered exactly as shown above.

[# provided by TransUnion once Mutual Non Disclosure Agreement and Letter Agreements have been signed]

You will then be prompted to set up a user account including user id/password and will be asked to enter your e-mail address for alert notification (you must have an email address to take advantage of this service). If you currently have a membership with TransUnion, you will need to use your existing user id/password. Once your identity has been confirmed, you will be able to view your credit file online. We encourage you to take advantage of this service at our cost for one year.

We understand that you may be concerned about this matter. Let us assure you that we are now reviewing all systems and processes involved in this incident to guard against further issues of this type in the future.

If you have questions or concerns about this matter, please contact us at [insert company contact information here].

Thank you for your understanding and we apologize for any inconvenience this matter may cause you.

Sincerely,[insert company name here]

Sample Notification Letters

Sample Notification Letter CREDIT MONITORING GIFT CODE SOLUTION

24

THESE FORM LETTERS ARE PROVIDED SOLELY AS TEMPLATE TO ILLUSTRATE THE TYPE OF LETTER THAT MIGHT BE SENT BY YOUR ORGANIZATION TO AFFECTED INDIVIDUALS IN THE CASE OF AN OCCURRENCE/BREACH INVOLVING SUCH INDIVIDUALS’ PERSONAL INFORMATION. BECAUSE ANY RESPONSE TO AN OCCURRENCE/BREACH SHOULD ACCOUNT FOR THE ATTENDANT FACTS AND CIRCUMSTANCES, TRANSUNION NEITHER ENDORSES NOR RECOMMENDS THE USE OF THIS TEMPLATE (IN WHOLE OR IN PART) IN CONNECTION WITH ANY SPECIFIC OCCURRENCE/BREACH.

25

[Date]

[Client Name][Client Address][City, Province Postal Code]

Dear [Client Name]:

At [insert company name here], we value our relationships and work hard to earn your confidence. Therefore, we promptly notify you and take immediate steps to correct any situation that may affect your relationship with [insert company name here].

On [insert date here], an incident resulted in a compromise of your personal information. [insert explanation/details of situation here].

We apologize for this incident, but want to assure you that we have taken steps to help protect you.

We recognize that you may have questions about this incident. First, we believe there is little chance that your information will be misused as [explain reason]. Also, we have contacted and requested the assistance of Trans Union of Canada, Inc. (“Trans Union”), one of Canada’s leading Credit Reporting Agencies. At our request, TransUnion has placed a fraud warning on your file.

Placing this message on your file alerts credit grantors of your situation and recommends that they contact you before extending credit. This warning remains on your file for a period of 6 years and has proven to be an effective fraud protection tool and has been widely recognized by credit grantors since its inception in 1997. Please be advised that you have the right to contact TransUnion to have the flag upgraded to provide more detailed information to creditors, to change the warning on your file to include your home and work phone numbers, or to remove the warning, at your discretion. If you wish to have the warning removed or updated, you will need to notify the TransUnion office in writing. Please submit two pieces of photocopied identification (one of the pieces must have your current address and signature). For additional information please note that their website is transunion.ca.

[TransUnion posts the warnings once the Mutual Non Disclosure Agreement and Letter Agreements have been signed]

We understand that you may be concerned about this matter. Let us assure you that we are now reviewing all systems and processes involved in this incident to guard against further issues of this type in the future.

If you have questions or concerns about this matter, please contact us at [insert company contact information here].

Thank you for your understanding and we apologize for any inconvenience this matter may cause you.

Sincerely,[insert company name here]

Sample Notification Letter FRAUD WARNING SOLUTION

Page 14: Data Breach Services - TransUnion Canada · Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook Credit Monitoring Welcome to your Credit Monitoring Dashboard

Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook

26

[Date]

[Client Name][Client Address][City, Province Postal Code]

Dear [Client Name]:

At [insert company name here], we value our relationships and work hard to earn your confidence. Therefore, we promptly notify you and take immediate steps to correct any situation that may affect your relationship with [insert company name here].

On [insert date here], an incident resulted in a compromise of your personal information. [insert explanation/details of situation here].

We apologize for this incident, but want to assure you that we have taken steps to help protect you.

We recognize that you may have questions about this incident. First, we believe there is little chance that your information will be misused as [explain reason]. Also, we have contacted and requested the assistance of Trans Union of Canada, Inc. (“Trans Union”), one of Canada’s leading Credit Reporting Agencies. At our request, TransUnion has placed a fraud warning on your file.

Placing this message on your file alerts credit grantors of your situation and recommends that they contact you before extending credit. This warning remains on your file for a period of 6 years and has proven to be an effective fraud protection tool and has been widely recognized by credit grantors since its inception in 1997. A disclosure of your personal information to TransUnion was necessary in order to search and locate the appropriate file to place the fraud warning onto.

Please be advised that you have the right to contact TransUnion to have the flag upgraded to provide more detailed information to creditors, to change the warning on your file to include your home and work phone numbers, or to remove the warning, at your discretion. If you wish to have the warning removed or updated, you will need to notify the TransUnion office in writing. Please submit two pieces of photocopied identification (one of the pieces must have your current address and signature). For additional information please note that their website is transunion.ca.

In addition, through TransUnion, we have arranged for a one-year subscription to an electronic credit monitoring service, at no cost to you. This credit monitoring service will notify you by email of any new credit related activity made on your credit history. Should an alert be received to your email, you will be able to review the information by logging on to the website.

To enroll, use your Internet browser to access the TransUnion website at:

English: transunion.ca/GCredemption

French: transunion.ca/GCredemption-fr

Enter the following personalized gift certificate code:xxxx-xxxx-xxxx-xxxx.

Note: Website addresses and gift certificate codes are case sensitive and must be entered exactly as shown above.

[# & warnings provided by TransUnion once Mutual Non Disclosure Agreement and Letter Agreements have been signed]

You will then be prompted to set up a user account including user id/password and will be asked to enter your e-mail address for alert notification (you must have an email address to take advantage of this service). If you currently have a membership with TransUnion, you will need to use your existing user id/password. Once your identity has been confirmed, you will be able to view your credit file online. We encourage you to take advantage of this service at our cost for one year.

We understand that you may be concerned about this matter. Let us assure you that we are now reviewing all systems and processes involved in this incident to guard against further issues of this type in the future.

If you have questions or concerns about this matter, please contact us at [insert company contact information here].

Thank you for your understanding and we apologize for any inconvenience this matter may cause you.

Sincerely,[insert company name here]

Sample Notification Letter BATCH AND FRAUD WARNING SOLUTION

27

File Transfer Request Form

Only to be used when “Add Warning to File” or “Placing SIN into HRFA database” service have been selected.

Please fill out for any request to add, modify, or remove functionality for customer-facing purposes on the TransUnion GlobalScape EFT server.

Administrator Email ____________________________________________________________________________________________________________________________________

Used for: Password resets, troubleshooting

Employee Name ___________________________________________________________________________________________________________________________________________

Used for: Correspondence in lieu of email

Phone Number ____________________________________________________________________________________________________________________________________________

Used for: Correspondence in lieu of email

Existing UserID ___________________________________________________________________________________________________________________________________________

Existing Order Number ________________________________________________________________________________________________________________________________

Existing Products ________________________________________________________________________________________________________________________________________

Please determine if the requesting organization already has EFT access. Please answer ‘N/A’ only if customer

requires a new UserID AND only requires access to this new order

Employee Name ___________________________________________________________________________________________________________________________________________

Used for: Correspondence in lieu of email

Will this UserID be shared? Yes No

The administrator will be responsible for providing access to others as well as authorizing all password

resets if applicable.

Administrator’s Name _________________________________________________________________________________________________________________________________

Only necessary if answer to above is “Yes”.

Email alerts to: ____________________________________________________________________________________________________________________________________________

Used for the following alerts: “Successful upload”, “Output available”