GSA assessing charge card contractors’ security policies

Under pressure from lawmakers to ensure federal charge card data is secure, the General Services Administration will review the security policies of the four other SmartPay contractors after Bank of America revealed late last month that it lost the records of 1.2 million federal employees.

In a response to questions from Sen. Susan Collins, chairwoman of the Homeland Security and Governmental Affairs Committee, GSA administrator Stephen Perry said in a letter that the agency will ensure that Bank One of Wilmington, Del., Citibank of New York, Mellon Bank of Pittsburgh and US Bank of Minneapolis will “provide adequate protection for personal information of federal employees.”

Collins, a Maine Republican, wrote a letter to GSA and Bank of America last week asking how both organizations would ensure federal data is better protected [See GCN story].

GSA and the Defense Department also will conduct a joint risk assessment to review Bank of America security procedures, Perry said. Bank of America lost more than 900,000 Defense employees’ information, DOD officials said.

GSA would not offer much detail on how they are conducting the review of SmartPay vendors or the joint risk assessment.

“GSA is taking all appropriate steps to ensure that SmartPay contractors maintain security policies consistent with current industry standards,” said MaryAlice Johnson, an agency spokeswoman. “We expect these activities to continue in the coming weeks.”

Johnson added that GSA still is developing the timetable to conduct the evaluations.

Bank of America also told GSA it has changed its method of handling SmartPay system back-up operations. Bank spokeswoman Alexandra Trower said the company does not comment on those procedures for security reasons.

“We are continually improving our processes and procedures for handling our customer’s information,” she said.

Bank of America also provided GSA with a list of names of the affected cardholders and is sending out a second letter to cardholders explaining how to obtain a free credit report and fraud alert.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Defense
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    DOD CIO hits pause on JEDI cloud acquisition

    Dana Deasy set cloud as his office's top priority. But when it comes to the JEDI request for proposal, he's directed staff to "pause" to compile a comprehensive review.

  • Cybersecurity
    By Gorodenkoff shutterstock ID 761940757

    Waging cyber war without a rulebook

    As the U.S. looks to go on the offense in the cyber domain, critical questions remain unanswered around who will take the lead and how clearly to draw the rules of engagement.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Deadline extended for Rising Star nominations

    You now have until July 18 to help us identify the early-career innovators and change agents in government IT.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.