GSA assessing charge card contractors’ security policies

Under pressure from lawmakers to ensure federal charge card data is secure, the General Services Administration will review the security policies of the four other SmartPay contractors after Bank of America revealed late last month that it lost the records of 1.2 million federal employees.

In a response to questions from Sen. Susan Collins, chairwoman of the Homeland Security and Governmental Affairs Committee, GSA administrator Stephen Perry said in a letter that the agency will ensure that Bank One of Wilmington, Del., Citibank of New York, Mellon Bank of Pittsburgh and US Bank of Minneapolis will “provide adequate protection for personal information of federal employees.”

Collins, a Maine Republican, wrote a letter to GSA and Bank of America last week asking how both organizations would ensure federal data is better protected [See GCN story].

GSA and the Defense Department also will conduct a joint risk assessment to review Bank of America security procedures, Perry said. Bank of America lost more than 900,000 Defense employees’ information, DOD officials said.

GSA would not offer much detail on how they are conducting the review of SmartPay vendors or the joint risk assessment.

“GSA is taking all appropriate steps to ensure that SmartPay contractors maintain security policies consistent with current industry standards,” said MaryAlice Johnson, an agency spokeswoman. “We expect these activities to continue in the coming weeks.”

Johnson added that GSA still is developing the timetable to conduct the evaluations.

Bank of America also told GSA it has changed its method of handling SmartPay system back-up operations. Bank spokeswoman Alexandra Trower said the company does not comment on those procedures for security reasons.

“We are continually improving our processes and procedures for handling our customer’s information,” she said.

Bank of America also provided GSA with a list of names of the affected cardholders and is sending out a second letter to cardholders explaining how to obtain a free credit report and fraud alert.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.