Thursday, August 21, 2008

BBC: So How Secure Is Our Card Info?

In light of the biggest identity theft case ever prosecuted in America, the spotlight is being turned on just how secure is our credit and debit card information? The question is a simple one but the answer might appear to be a bit harder to pin down.

VeriSign, a firm that secures websites for e-commerce, told the BBC that credit and debit card information is "vulnerable" but they are working with retailers to change that.

"Credit and debit card information is just not incredibly secure," said Perry Tancredi, VeriSign's senior product manager for fraud detection. "But it is counterbalanced by the amount of fraud losses due to cheque fraud and direct debit fraud which is much greater than credit card fraud."

Mr Tancredi said: "Regardless of how strong the security measures, and how vigilant, the weak part of the chain is there is always a human who is responsible and who has overall control over the information." He suggested the best bet was for all consumers to "assume that there will be some sort of fraud on your account sooner or later" and put in place a plan to deal with it.

Getting safer

Espousing a completely different view is Jerry Tabeling who is the president of IDP, a company that carries out vulnerability assessments of networks and online business applications. "Our information is a lot more secure after all the publicity we have had about attacks," he said. But yes there are still problems that still exist though it is getting safer." These, Mr Tabeling told the BBC, tend to centre around a retailer not doing a good enough job securing its network.

"If the proper encryption is configured on the wireless access point, then an attacker will not be able to get any information. I would have to bet in this case that didn't happen."

At stake for victims of fraud is more than just money The authorities said the details of the 40 million credit and debit card holders was obtained by the hackers "wardriving" past stores to find wireless networks they could hack into. This entailed driving around using a hand-held device to detect a wireless signal much in the same way a radio scanner hunts for a signal.

The US justice department said the hackers then loaded "sniffer" software onto the retailers' networks which captured numbers as well as passwords and account information as it moved through the retailers credit and debit processing networks. That information was then sent to servers that the group controlled in Eastern Europe and the United States.

The justice department said the stolen numbers were "cashed out" by encoding card numbers on the magnetic strips of blank cards and then used to withdraw tens of thousands of dollars from ATMs.

Identity loss

The Justice Department is not putting a figure on just how much the fraud has cost, but Mr Tancredi said the money is not the point with most card liability ranging around $50 (£25).

MasterCard says it strives to safeguard account information "If you are a victim of credit card fraud you might get your identity stolen and then you lose more than just money. You lose time, you lose trust and it could take years to fix your credit." MasterCard said preventing fraud and safeguarding financial information is a top priority for the company. Spokesman Chris Monteiro told the BBC: "If a cardholder is concerned at all about the security of their account they should immediately contact their issuing financial institution."

The Payment Card Industry, or PCI, has developed standards for retailers to adopt when handling credit and debit payments. A spokesperson said while it is trying to get merchants to adopt these standards "it is not our job to go around checking who is compliant with this. That is lead by the credit card brands."

Meanwhile Mr Tabeling, an IT security specialist, suggested that all consumers need to play a more proactive part in policing their own transactions and their credit information. "We have no choice but to trust the retailers are doing their bit but we can do more. "We can keep track of our credit report once or twice a year, check our statements and set up a notification so that if there is any suspicious activity on our account we are told about it right away."

Related Stories on the BBC:
Concern over rising fraud cases 28 Jul 08 Scotland
Hi-tech criminals target Twitter 05 Aug 08 Technology
Oyster card hack to be published 21 Jul 08 Technology
Phishing attacks soar in the UK 15 Apr 08 Technology

Related Links: VeriSign PCI IDP MasterCard

U.S. Consumers Lost Nearly $8.5 Billion to Viruses, Spyware, and Phishing

U.S. consumers lost almost $8.5 billion over the last two years to viruses, spyware, and phishing schemes according to latest projections from the Consumer Reports State of the Net survey.

Additionally, report estimates that American consumers have replaced about 2.1 million computers over the past two years because of online threats. Survey has also reveals some hopeful signs such as declining chances of becoming a cybervictim—consumers have 1 in 6 chance of becoming a cybervictim, down from 1 in 4 in 2007.

Other findings include:
  • Spam: One in three survey respondents reported heavy levels of spam. One of the newest types, cell-phone spam, is a minor nuisance to most online homes. 1.2 million people nationwide are estimated to have received more than 25 such messages each during a recent six-month period.
  • Viruses: The rate of serious virus problems has declined 32% over the years however 19% of respondents reported that they didn't have antivirus software on their computer.

  • Spyware: One in 14 respondents reported a serious computer problem as a result of spyware, compared to 1 in 6 respondents in 2005. In the past six months, 566,000 households replaced computers due to spyware infections.

  • Phishing: Over the past two years, about 6.5 million consumers, or roughly 1 in 13 online households, gave phishing scammers personal information. 14% of them lost money. Consumer Reports estimates that American consumers lost about $2 billion to phishing scams.

7 Online Blunders - These common mistakes can ruin your computer or invite identity theft

Will Banks Contribute to Innovation(s) in Retail Payments?

Aneace Haddad, founder and chairman of Welcome (Real Time), and an industry associate of mine, has recently published a seminar presentation with full audio, entitled “How will banks meet the challenges of innovations in retail payments"? 

He chaired a conference in Hong Kong (Financial Cards & Payments Asia) and gave the keynote address, which you can view below.

Along with the HomeATM PIN Debit blog, "Aneaces Blog" among others, is recommended by Glenbrook's Payments News.  So take a look when you have some extra time.  You can visit Aneaces Blog by clicking the link.

Haddad July 2008
View SlideShare presentation or Upload your own.

Disqus for ePayment News