PAYSTUB
    The Payroll Industry eNewsletter from Atlantic Capital Bank
    3rd Quarter, 2014



Meet the Team
Danielle DiMaio
Assistant Vice President of Implementations, Technology Services 

Danielle DiMaio is the Assistant Vice President of Implementations and Technology Services at Atlantic Capital Bank. Danielle manages the onboarding and implementation for Atlantic Capital's ACH clients.

Danielle has worked with electronic payments and corporate support in banking for close to 18 years. She is an Accredited ACH Professional (AAP), and has held this certification for the past 10 years.
Contact Us
Nathan Ottinger
Payment Services Banking
(404) 995-0223
nathan.ottinger@atlcapbank.com

Atlantic Capital Bank
3280 Peachtree Road NE
Suite 1600
Atlanta, GA 30305
(404) 995-6050

U.S. Interest Rates and Economic Data

Financial Instruments      Today (as of 9.23.14)    1-year ago
1-month Libor              0.17%                    0.22%
6-month Libor              0.36%                    0.42%
1-year T-bill              0.10%                    0.10%
5-year T-bill              1.80%                    1.48%
10-year T-bill             2.57%                    2.72%
U.S. Unemployment rate     6.1%                     7.2%

*Current and historical rate data taken from the Federal Reserve Board (www.federalreserve.gov)


"Because That's Where the Money Is"
Nathan Ottinger
Senior Vice President, Payments Industry

When the notorious 1920s-era bank robber Willie Sutton was asked by a newspaper reporter why he robbed banks, he responded, "Because that's where the money is." It was confirmed that Mr. Sutton stole more than $2 million over a 10-year period (over $30 million in today's dollars). While infamous for his abundance of bank jobs, Mr. Sutton was incarcerated for the majority of his adult life and could certainly be labeled a criminal failure.

 

It's interesting to think about financial crimes of the 1920s versus financial crimes of today. In the 1920s, financial crime was typically limited to how much you could carry, how fast you could get away, and at times how accurately you could shoot. These physical attributes limited the size and scale of what could be secured as ill-gotten gains. Even the most "successful" criminal's sphere of potential damage was limited.

Fast forward to today, and the size, scale and escapability of financial crime are vastly different and arguably infinitely more lucrative. Most financial crimes of the 21st century start with data collection. Today's financial criminals have developed sophisticated data collection technologies, typically in the form of computer malware, that reside undetected on unprotected or compromised databases. This malware is designed to capture, store and transmit certain fields of data back through a network of servers to the financial criminal, who is typically located in a foreign jurisdiction and beyond the reach of US criminal prosecution. These criminals then either sell the collected data across criminal online marketplaces or use the data to commit additional fraudulent acts themselves.
 

Many of the data breach stories that have been in the news of late have focused on the credit/debit card systems of large retailers, including Target, Home Depot, and UPS. Credit/Debit card data has been targeted by financial criminals because there is an active online marketplace to sell this data. While a credit/debit card data breach is of serious consequence to the retailer and bank card issuer, the amount of consumer data available on the magnetic stripe of a credit/debit card is fairly limited, and therefore the consumer impact of a credit/debit card data breach can be somewhat contained.

 

The database of a payroll company, however, contains detailed consumer information in thousands of logically associated records, including name, address, SSN, DOB, bank account details, etc. Protection of this data is mission critical for your payroll company and the payroll industry. The costs of a data breach are large and would most likely financially overwhelm a typical payroll service bureau:

  • Average costs of responding to a data breach are $3.5 million, which is a 15% annual increase
  • Average costs to the company per consolidated record stolen = $145
    Source: Ponemon Institute Study 2013

 

These costs do not include reputational and client attrition costs.  


So what's an independent payroll company to do to combat the potential company-destroying effects of a data breach? Here are several preventative measures to implement today:

  1. Conduct an annual IT security audit. These are becoming more frequent as part of the scope of work within an SSAE16/SOC1 audit.
  2. Discuss with your liability insurance carrier the costs and benefits of a cybercrime policy and accurately define the potential exposure limits.
  3. Conduct detailed and regular due diligence on your payroll software vendor(s) about their database security initiatives and best practices. Evaluate your data reporting processes associated with any system that is outside of your core payroll software platform.
  4. If your software is hosted at an offsite datacenter, understand where the datacenter's roles and responsibilities for data protection start and end.
  5. Ensure that you have the latest versions of anti-malware/anti-virus software installed on your network. Ensure that IT security logs are reviewed frequently and that anomaly detection alerts/notifications are responded to immediately.
  6. Have a data breach plan in place as part of your risk management procedures.

There are hundreds if not thousands of modern-day Willie Suttons out there trying to make a living stealing consumer data. You will never hear about them and most likely they will never be prosecuted, but you do have the ability to fight back by taking the initiative to protect your data. Why do you hack a payroll company? "Because that's where the data is."







www.atlanticcapitalbank.com
Member FDIC, Equal Housing Lender