Upload
others
View
12
Download
0
Embed Size (px)
Citation preview
Ensure your organization is ready – when every second counts.
Data Breach Services CUSTOMER HANDBOOK
That’s the goal...Contents
B
© 2017 Trans Union of Canada, Inc. All Rights Reserved.
No part of this publication may be reproduced or distributed in any form or by any means, electronic or otherwise, now known or hereafter developed, including, but not limited to, the Internet, without the explicit prior written consent from Trans Union of Canada, Inc.
Requests for permission to reproduce or distribute any part of, or all of, this publication should be mailed to:
Law DepartmentTransUnion3115 Harvester Road, Suite 201Burlington, ON L7N3N8
The “T” logo, TransUnion, and other trademarks, service marks, and logos (the “Trademarks”) used in this publication are registered or unregistered Trademarks of Trans Union of Canada, Inc., or their respective owners. Trademarks may not be used for any purpose whatsoever without the express written permission of the Trademark owner.
transunion.ca
Product overview 5
Credit monitoring 7
Implementation 8
Online credit monitoring 9
Product walk-through 11
Frequently asked questions 17
Contact information 19
Appendix A: Online new user order flow 20
Appendix B: Landing page 21
Fraud compromise response service company information sheet 22
File Transfer Request Form 27
Customer Security
Data Breach Services | Customer HandbookData Breach Services | Customer Handbook
4 5
Trusted source for creditWe provide credit information services to 500 million customers worldwide.
500 MILLION
Data Breach Services | Customer Handbook
From January 2014 to December 2016, it is estimated that Canadians lost over $290 million to fraudsters.1
1 Source: http://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/04201.html
290 MILLION
6
Fraud is a crime that threatens every Canadian, regardless of their education, age or income. It’s important to be proactive and not wait until a breach happens to consider consumer impact. Putting an actionable program in place can preserve your business’ reputation, as well as prevent the loss of customers. The ability to notify and assist impacted individuals and get back to business as usual could make the difference be-tween solid recovery and grinding to a halt.
Credit Monitoring
7
Online
As a Data Breach Services customer, you have the option of choosing from one of two online packages available through either a Proactive or Response program.
These packages feature different levels of credit monitoring to accommodate your needs.
Data Breach Services
Options include:
• One year of unlimited credit monitoring including the following features:
→ Online access to the consumer’s
TransUnion credit report, updated daily
→ Online access to the consumer’s TransUnion Risk score, with analysis, updated daily
→ TransUnion credit monitoring with email alerts notifying when key changes occur on a consumer’s credit file
→ Unlimited access to credit management and identity theft prevention resources located in the online education centre
• One time report and score with 12
months of TransUnion credit monitoring service, with email alerts notifying when key changes occur on a consumer’s credit file
• Place fraud warnings on the file, which notifies a lender that the consumer data may have been compromised and to take appropriate action
• Place the affected consumer’s social insurance number into TransUnion’s High Risk Fraud Alert database, which notifies a lender that the consumer data may have been compromised and to take appropriate action
h
5With the proactive online credit monitoring package, you’ll see advantages through quicker turnaround times on service delivery. Specifically, you’ll receive codes promptly after notifying TransUnion of a breach event, plus the contracts and letters are already in place for rapid deployment. In addition, we can supply a monthly stock of codes to distribute in cases of small, one-off privacy events.
The proactive online credit monitoring program requires a minimum one-year commitment with an annual service ready-fee. You will be billed monthly for all services ordered.
With the response online credit monitoring package, you will receive codes promptly after the letter agreement is signed.
The response online credit monitoring program requires you commit to a minimum fee for any single breach. You will be billed one-time or monthly, depending on the service selected.
Proactive program description Response program description
PROACTIVE PROGRAM RESPONSE PROGRAM
ENTER CODE
XXXXXX
Data Breach Services | Customer Handbook
With these data breach product options, you’ll be able to respond to the unthinkable quickly, efficiently and effectively.
IMPLEMENTATION
8 9
Credit Monitoring
Online implementation
Data Breach Services | Customer HandbookData Breach Services | Customer Handbook
1010
For a better understanding of the outlined online features, please refer to the following service descriptions and images.
PRODUCT WALK-THROUGH
11
h)
Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook
Credit Monitoring
Welcome to your Credit Monitoring Dashboard.From the Welcome page, consumers can quickly navigate to view their credit reports,credit scores, credit alerts and more.
12
Credit Monitoring
TransUnion Credit ReportThis sample snapshot of a consumer’s credit profile includes address, accounts, public record, employment, inquiries, and creditor contact information. The report can also be delivered with a credit score and comprehensive analysis that details the consumer’s credit standing.
13
Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook
Credit ScoreThe score includes a ranking as compared to the national population – plus a detailedexplanation of what the credit score means.
Credit Monitoring
14
Credit Monitoring
Daily credit monitoringConsumers receive email notifications prompting them to login to their secure membership page and review the details of their alert. Credit alerts are triggered by critical credit report changes, including: fraud alerts, address changes, employer changes, new inquiries, potentially negative information (for example, late payments, new collections account), new accounts, and public records.
15
Data Breach Services | Customer HandbookData Breach Services | Customer Handbook
Credit Monitoring
Common program requirementsThe following are program requirements that pertain to all Proactive and Response online credit monitoring packages:
• The online credit monitoring program is offered only for the purpose of supporting security breaches; customers may not use the online packages for promotional or marketing purposes.
• A non-disclosure agreement must be signed by the customer, along with a letter agreement outlining the services selected.
• A copy of the affected consumer notification letter must be supplied to TransUnion for review and approval. Sample letter templates are provided at the back of this handbook for reference to help you formulate your response.
• Access code: (Activation code)
• Cannot be sold or shared with another company for distribution.
• Code is active for 90 days, or such other time period as the parties may agree; consumers will be unable to redeem services after this time period.
• Customer is responsible for communication of the code and all fulfillment information to their consumers.
• Code(s) will be released only to an authorized individual listed on the customer agreement.
• TransUnion assumes no risk of any misuse of the access code(s) after its delivery to the Data Breach Services customer.
• In the event that selected service requires TransUnion to obtain a list of affected consumers to action events, an FTP folder will be created and details shared with the customer for loading a file electronically
16
FREQUENTLY ASKED QUESTIONS
K17
Data Breach Services | Customer HandbookData Breach Services | Customer Handbook
Q: If the consumer has a “fraud alert” put on his or her file, how does the consumer request online credit monitoring?
A: The consumer may be required to call the TransUnion customer service team during the identity verification process so the consumer can be authenticated.
Q: Will the consumer need to input a credit card number or any other billing information to receive online credit monitoring?
A: No, the consumer will not be asked for a credit card. In addition, this service is not automatically renewed.
Q: How often is a customer’s credit report monitored for suspicious activity?
A: A customer’s credit report is continually monitored and updates are provided daily for critical changes.
18
CONTACT INFORMATION
Primary sales contact (prior to signed contract)
Implementation & Data Breach Specialists
Julie MannellaMajor Account ExecutiveConsumer Solutions(289) [email protected]
Steve MackayAccount ExecutiveConsumer Solutions(905)[email protected]
Learn MoreTo learn more about TrandsUnion’s Data Breach Services visit: www.transunion.ca/solution/data-breach-services or call us at 1-855-488-4636.
19
o
Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook
Appendix A:
1. Navigate to transunion.ca/GCredemption and enter your 12-letter Activation Code (that was provided in your notification), into the designated field. Click on the “Click Here” button to continue.
2. Step 1 of 3, “Create Your Account”. Fill in the requested information and then click on the “Next” button to continue.
3. Step 2 of 3, “Provide Permission”. Select the “I Agree” radio button and then click on the “I Agree” button to continue.
4. Step 3 of 3, “Identity Verification”. A series of questions will be asked to ensure you’re really you. Answer the question by clicking on the appropriate box(es) and then click on the “Next” button to continue.
5. Upon successful completion of the three steps, you’ll be brought to the “Welcome” page where you can access all of the credit monitoring benefits provided to you.
Online New-User Order Flow
20
Appendix B:
My TransUnion Monitoring: transunion.ca/GCredemption
Landing Page
21
Data Breach Services | Customer HandbookData Breach Services | Customer Handbook
Fraud compromise response service company information sheetPlease complete and return this document with the TransUnion Mutual Non-Disclosure Form via email: [email protected].
Nature of Compromise (check all that apply)
Loss/Theft of Computer/Laptop
Computer Breach
Internal Collusion
Mail Fraud/Theft
Corporate Information
Company legal name ____________________________________________________________________________________________________________________________________
Doing business as ________________________________________________________________________________________________________________________________________
Physical address __________________________________________________________________________________________________________________________________________
Billing address _____________________________________________________________________________________________________________________________________________ (if different than physical addresss)
Main phone number ___________________________________________________________Main Fax Number ________________________________________________
Website address __________________________________________________________________________________________________________________________________________
Contact Details
Contact ____________________________________________________________________________Title __________________________________________________________________
Contact phone number _____________________________________________________Contact email address _______________________________________
Nature of Business ____________________________________________________________Date established ________________________________________________
CHECK ONE:
Public Organization Private Organization
Business license or articles of incorporation # _______________________________________________________________________________________________
Authorization By signature below, I (we) certify that all information provided to TransUnion whether on this form or any other forms, as well as any documents submitted by the Applicant, is complete and accurate.
Authorized Signature ___________________________________________________________________________________________________________________________________
Name __________________________________________________________________________________________________________________________________________________________
Date (yyyy/mm/dd) ______________________________________________________________________________________________________________________________________
Authorized Signature ___________________________________________________________________________________________________________________________________
Name __________________________________________________________________________________________________________________________________________________________
Date (yyyy/mm/dd) ______________________________________________________________________________________________________________________________________
23
Estimated Number of Victims _______________________________________________________________________________________________________________________
Social Insurance Number impacted _______________________________________________________________________________________________________________
Offer of assistance extended to impacted individual? Yes No
If you responded yes to above, please check all follow-up action you have taken that may apply:
Communicated the situation to your consumers/employees verbally
Communicated the situation to your consumers/employees in writing
Asked your consumers/employees to write into TransUnion
Provided your consumers/employees the phone number to contact TransUnion Victims of Fraud Services
Notified Equifax of the incident
Alerted/notified the press
Has this incident been reported to the police? Yes No
Police Report # _______________________________________________________Officer/Division ___________________________________________________________
Please list any police investigation details: _____________________________________________________________________________________________________
___________________________________________________________________________________________________________________________________________________________________
___________________________________________________________________________________________________________________________________________________________________
___________________________________________________________________________________________________________________________________________________________________
Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook
[Date]
[Client Name][Client Address][City, Province Postal Code]
Dear [Client Name]:
At [insert company name here], we value our relationships and work hard to earn your confidence. Therefore, we promptly notify you and take immediate steps to correct any situation that may affect your relationship with [insert company name here].
On [insert date here], an incident resulted in a compromise of your personal information. [insert explanation/details of situation here].
We apologize for this incident, but want to assure you that we have taken steps to help protect you.
We recognize that you may have questions about this incident. First, we believe there is little chance that your information will be misused as [explain reason]. Also, we have contacted and requested the assistance of Trans Union of Canada, Inc. (“Trans Union”), one of Canada’s leading Credit Reporting Agencies.
Through TransUnion, we have arranged for a one-year subscription to an electronic credit monitoring service, at no cost to you. This credit monitoring service will notify you by email of any new credit related activity made on your credit history. Should an alert be received to your email, you will be able to review the information by logging on to the website.
To enroll, use your Internet browser to access the TransUnion website at:
English: www.transunion.ca/GCredemption
French: www.transunion.ca/GCredemption-fr
Enter the following personalized gift certificate code:
xxxx-xxxx-xxxx-xxx.
Note: Website addresses and gift certificate codes are case sensitive and must be entered exactly as shown above.
[# provided by TransUnion once Mutual Non Disclosure Agreement and Letter Agreements have been signed]
You will then be prompted to set up a user account including user id/password and will be asked to enter your e-mail address for alert notification (you must have an email address to take advantage of this service). If you currently have a membership with TransUnion, you will need to use your existing user id/password. Once your identity has been confirmed, you will be able to view your credit file online. We encourage you to take advantage of this service at our cost for one year.
We understand that you may be concerned about this matter. Let us assure you that we are now reviewing all systems and processes involved in this incident to guard against further issues of this type in the future.
If you have questions or concerns about this matter, please contact us at [insert company contact information here].
Thank you for your understanding and we apologize for any inconvenience this matter may cause you.
Sincerely,[insert company name here]
Sample Notification Letters
Sample Notification Letter CREDIT MONITORING GIFT CODE SOLUTION
24
THESE FORM LETTERS ARE PROVIDED SOLELY AS TEMPLATE TO ILLUSTRATE THE TYPE OF LETTER THAT MIGHT BE SENT BY YOUR ORGANIZATION TO AFFECTED INDIVIDUALS IN THE CASE OF AN OCCURRENCE/BREACH INVOLVING SUCH INDIVIDUALS’ PERSONAL INFORMATION. BECAUSE ANY RESPONSE TO AN OCCURRENCE/BREACH SHOULD ACCOUNT FOR THE ATTENDANT FACTS AND CIRCUMSTANCES, TRANSUNION NEITHER ENDORSES NOR RECOMMENDS THE USE OF THIS TEMPLATE (IN WHOLE OR IN PART) IN CONNECTION WITH ANY SPECIFIC OCCURRENCE/BREACH.
25
[Date]
[Client Name][Client Address][City, Province Postal Code]
Dear [Client Name]:
At [insert company name here], we value our relationships and work hard to earn your confidence. Therefore, we promptly notify you and take immediate steps to correct any situation that may affect your relationship with [insert company name here].
On [insert date here], an incident resulted in a compromise of your personal information. [insert explanation/details of situation here].
We apologize for this incident, but want to assure you that we have taken steps to help protect you.
We recognize that you may have questions about this incident. First, we believe there is little chance that your information will be misused as [explain reason]. Also, we have contacted and requested the assistance of Trans Union of Canada, Inc. (“Trans Union”), one of Canada’s leading Credit Reporting Agencies. At our request, TransUnion has placed a fraud warning on your file.
Placing this message on your file alerts credit grantors of your situation and recommends that they contact you before extending credit. This warning remains on your file for a period of 6 years and has proven to be an effective fraud protection tool and has been widely recognized by credit grantors since its inception in 1997. Please be advised that you have the right to contact TransUnion to have the flag upgraded to provide more detailed information to creditors, to change the warning on your file to include your home and work phone numbers, or to remove the warning, at your discretion. If you wish to have the warning removed or updated, you will need to notify the TransUnion office in writing. Please submit two pieces of photocopied identification (one of the pieces must have your current address and signature). For additional information please note that their website is transunion.ca.
[TransUnion posts the warnings once the Mutual Non Disclosure Agreement and Letter Agreements have been signed]
We understand that you may be concerned about this matter. Let us assure you that we are now reviewing all systems and processes involved in this incident to guard against further issues of this type in the future.
If you have questions or concerns about this matter, please contact us at [insert company contact information here].
Thank you for your understanding and we apologize for any inconvenience this matter may cause you.
Sincerely,[insert company name here]
Sample Notification Letter FRAUD WARNING SOLUTION
Data Breach Services | Customer Handbook Data Breach Services | Customer Handbook
26
[Date]
[Client Name][Client Address][City, Province Postal Code]
Dear [Client Name]:
At [insert company name here], we value our relationships and work hard to earn your confidence. Therefore, we promptly notify you and take immediate steps to correct any situation that may affect your relationship with [insert company name here].
On [insert date here], an incident resulted in a compromise of your personal information. [insert explanation/details of situation here].
We apologize for this incident, but want to assure you that we have taken steps to help protect you.
We recognize that you may have questions about this incident. First, we believe there is little chance that your information will be misused as [explain reason]. Also, we have contacted and requested the assistance of Trans Union of Canada, Inc. (“Trans Union”), one of Canada’s leading Credit Reporting Agencies. At our request, TransUnion has placed a fraud warning on your file.
Placing this message on your file alerts credit grantors of your situation and recommends that they contact you before extending credit. This warning remains on your file for a period of 6 years and has proven to be an effective fraud protection tool and has been widely recognized by credit grantors since its inception in 1997. A disclosure of your personal information to TransUnion was necessary in order to search and locate the appropriate file to place the fraud warning onto.
Please be advised that you have the right to contact TransUnion to have the flag upgraded to provide more detailed information to creditors, to change the warning on your file to include your home and work phone numbers, or to remove the warning, at your discretion. If you wish to have the warning removed or updated, you will need to notify the TransUnion office in writing. Please submit two pieces of photocopied identification (one of the pieces must have your current address and signature). For additional information please note that their website is transunion.ca.
In addition, through TransUnion, we have arranged for a one-year subscription to an electronic credit monitoring service, at no cost to you. This credit monitoring service will notify you by email of any new credit related activity made on your credit history. Should an alert be received to your email, you will be able to review the information by logging on to the website.
To enroll, use your Internet browser to access the TransUnion website at:
English: transunion.ca/GCredemption
French: transunion.ca/GCredemption-fr
Enter the following personalized gift certificate code:xxxx-xxxx-xxxx-xxxx.
Note: Website addresses and gift certificate codes are case sensitive and must be entered exactly as shown above.
[# & warnings provided by TransUnion once Mutual Non Disclosure Agreement and Letter Agreements have been signed]
You will then be prompted to set up a user account including user id/password and will be asked to enter your e-mail address for alert notification (you must have an email address to take advantage of this service). If you currently have a membership with TransUnion, you will need to use your existing user id/password. Once your identity has been confirmed, you will be able to view your credit file online. We encourage you to take advantage of this service at our cost for one year.
We understand that you may be concerned about this matter. Let us assure you that we are now reviewing all systems and processes involved in this incident to guard against further issues of this type in the future.
If you have questions or concerns about this matter, please contact us at [insert company contact information here].
Thank you for your understanding and we apologize for any inconvenience this matter may cause you.
Sincerely,[insert company name here]
Sample Notification Letter BATCH AND FRAUD WARNING SOLUTION
27
File Transfer Request Form
Only to be used when “Add Warning to File” or “Placing SIN into HRFA database” service have been selected.
Please fill out for any request to add, modify, or remove functionality for customer-facing purposes on the TransUnion GlobalScape EFT server.
Administrator Email ____________________________________________________________________________________________________________________________________
Used for: Password resets, troubleshooting
Employee Name ___________________________________________________________________________________________________________________________________________
Used for: Correspondence in lieu of email
Phone Number ____________________________________________________________________________________________________________________________________________
Used for: Correspondence in lieu of email
Existing UserID ___________________________________________________________________________________________________________________________________________
Existing Order Number ________________________________________________________________________________________________________________________________
Existing Products ________________________________________________________________________________________________________________________________________
Please determine if the requesting organization already has EFT access. Please answer ‘N/A’ only if customer
requires a new UserID AND only requires access to this new order
Employee Name ___________________________________________________________________________________________________________________________________________
Used for: Correspondence in lieu of email
Will this UserID be shared? Yes No
The administrator will be responsible for providing access to others as well as authorizing all password
resets if applicable.
Administrator’s Name _________________________________________________________________________________________________________________________________
Only necessary if answer to above is “Yes”.
Email alerts to: ____________________________________________________________________________________________________________________________________________
Used for the following alerts: “Successful upload”, “Output available”