The National Academies Press

Currently Skimming:

Pages 10-11

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 10... ... 10 distributed.81 The use of an electronic payment system that relies on banking and credit transactions only serves to heighten some observers' privacy concerns.82 It has also been argued that electronic payment technology could be used to create a "centralized warehouse" of data on an individual's activities that could be abused.83 One commentator argues that a single card that is used for multiple applications "could become a default personal identification card," collect more data than are needed for many transactions, and serve as an "electronic trail" on an individual.84 Several agencies that responded to the survey maintain either that they own the data they collect or that they do not retain any data. Other agencies' answers vary regarding the type of personal data they collect, who owns or has access to the data and under what circumstances, how long they retain data, and the safeguards they use to prevent hacking and misuse of customers' personal data.85 The foregoing issues are important because transit agencies assume risks when accepting electronic payments and thus may have to invest in "risk mitigation resources."86 Transit agencies' acceptance of credit and debit cards and devices linked to a customer's bank-issued card may expose agencies to payment risks, including claims for fraud; breach of contract, either express or implied; breach of privacy and/or security; and/or breach of a state privacy law or breach-notification law.87 As discussed in more detail in Section IV, transit agencies that use electronic payment systems that require a customer's credit or debit card data are considered card merchants and must comply with the PCI DSS "to protect personal and financial consumer information."88 IV. Read the entire page →
From page 11... ... 11 guidelines are to ensure that only authorized personnel have access to electronic records, provide for backup and recovery of records to protect against the loss of information, train personnel on how to safeguard sensitive or classified electronic records, minimize the risk of unauthorized alteration or erasure of electronic records, ensure that the security of electronic records is included in the "security plans" of computer systems, and comply, if mandated, with the requirements of Executive Order 504 and the Information Technology Division (ITD) Security Policies and Standards.93 B Read the entire page →

From page 10...

... 10 distributed.81 The use of an electronic payment system that relies on banking and credit transactions only serves to heighten some observers' privacy concerns.82 It has also been argued that electronic payment technology could be used to create a "centralized warehouse" of data on an individual's activities that could be abused.83 One commentator argues that a single card that is used for multiple applications "could become a default personal identification card," collect more data than are needed for many transactions, and serve as an "electronic trail" on an individual.84 Several agencies that responded to the survey maintain either that they own the data they collect or that they do not retain any data. Other agencies' answers vary regarding the type of personal data they collect, who owns or has access to the data and under what circumstances, how long they retain data, and the safeguards they use to prevent hacking and misuse of customers' personal data.85 The foregoing issues are important because transit agencies assume risks when accepting electronic payments and thus may have to invest in "risk mitigation resources."86 Transit agencies' acceptance of credit and debit cards and devices linked to a customer's bank-issued card may expose agencies to payment risks, including claims for fraud; breach of contract, either express or implied; breach of privacy and/or security; and/or breach of a state privacy law or breach-notification law.87 As discussed in more detail in Section IV, transit agencies that use electronic payment systems that require a customer's credit or debit card data are considered card merchants and must comply with the PCI DSS "to protect personal and financial consumer information."88 IV.

Read the entire page →

From page 11...

... 11 guidelines are to ensure that only authorized personnel have access to electronic records, provide for backup and recovery of records to protect against the loss of information, train personnel on how to safeguard sensitive or classified electronic records, minimize the risk of unauthorized alteration or erasure of electronic records, ensure that the security of electronic records is included in the "security plans" of computer systems, and comply, if mandated, with the requirements of Executive Order 504 and the Information Technology Division (ITD) Security Policies and Standards.93 B

Read the entire page →

Key Terms

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.