Posts by Keir Breitenfeld

The delicate balance between customer and criminal

Sadly fraudsters seem to always be one-step ahead of fraud-prevention strategies, causing organizations to play catch-up to the criminals. And as information security tightens and technologies evolve, so does the industrious nature of organized identity and online fraud. It should be no more

The Year of Mobile Payments - 2015

Recently, I sat down to answer three questions for “The Year of Payments - 2015: One Quarter in” for on the topic of mobile payments in regards to: How Q1 2015 is different than Q1 2014 What’s the most significant development so far this year? If “Payments 2015” were a brand and had more

Keep calm and authenticate on

Not long ago, I spoke at the eSign Records conference in NYC.  During Q&A, someone asked a question that comes up often:  What is the future of knowledge-based authentication (KBA)?  It is no secret that there are people in the industry who believe the usefulness of KBA has run its course; however, more

Data breaches, compromised passwords, and hacked credentials

More than ever before, there may now be credence in the view that the majority of consumers’ personally identifiable information (PII), user names and passwords, and even some authentication tokens have been, or are, at risk of compromise.  Between sophisticated hacking schemes and more

June 1, 2010 Red Flags Rule compliance deadline is just the beginning

Well, here we are about two weeks from the Federal Trade Commission’s June 1, 2010 Red Flag Rule compliance enforcement date. While this date has been a bit of a moving target for the past year or so, I believe this one will stick. It appears that the new reality is one in which individual more

FTC extends Red Flags Rule enforcement deadline…..again.

There were always questions around the likelihood that the August 1, 2009 deadline would stick.  Well, the FTC has pushed out the Red Flag Rules compliance deadline to November 1, 2009 (from the previously extended August 1, 2009 deadline). This extension is in response to pressures from Congress – more

More clarifying language from the drafting agencies

As I've suggested in previous postings, we've certainly expected more clarifying language from the Red Flags Rule drafting agencies.  Well, here is some pretty good information in the form of another FAQ document created by the Board of Governors of the Federal Reserve System (FRB), Federal more

FTC's Red Flags enforcement deadline extension is helping many institutions

We at Experian have been conducting a survey of visitors to our Red Flag guidelines microsite ( Some initial findings show that approximately 40 percent of those surveyed were "ready" by the original November 1, 2008 deadline.  However, nearly 50 percent of more

August 1st deadline may be ahead of you, but certain compliance requirements are in place today

As most industry folks are aware, the FTC recently pushed out their Red Flags Rule enforcement deadline to August 1, 2009.  It is important to note, however, that this extension does not apply to the specific requirement that institutions with covered accounts detect and respond to more

Address discrepancies aren't the end of the road, but they sure can be a bump in it

One of the handful of mandatory elements in the Red Flag guidelines, which focus on FACTA Sections 114 and 315, is the implementation of Section 315.  Section 315 provides guidance regarding reasonable policies and procedures that a user of consumer reports must employ when a consumer more