Page 73 - Pay Magazine s2014
P. 73
notices and disclosures, draft- ing marketing messages, writing sales scripts, verifying customer identities, monitoring for suspicious transactions and handling complaints.
• information security. Program managers must implement physical, administrative and technological safeguards to protect the confidentiality and integrity of sensitive data, networks and facilities from known and unknown threats.
In accordance with the Gramm- Leach-Bliley security rule and other recognized information security best practices, an effective information security program also includes:
o Threat and vulnerability risk assessments
o Risk management and controls
o Control testing and continuous monitoring
• Vendor risk management.
This is a top concern for issuing banks and their regulators. There- fore, program managers must:
o Classify all vendors based on risk to the company and their issuing banks
o Perform comprehensive due diligence and manage their individual vendors and the associated risk to the organi- zation and their partners, network and customer data
volume 7 • fall 2014
paybefore.com 71
