Monday, August 31, 2009

HomeATM Provides the "Inevitable" Solution Now






HomeATM: "Inevitably For Our Own Good"







Here's an excerpt from an article written by Rhodi Mardsen which unequivocally states the reality of what it takes to secure online banking and credit/debit card transactions conducted online.  It's the economy typing stupid! Don't Type: Swipe!



HomeATM encrypts the card details so that hackers only find "random gobblygook" and manufactures the "only device" designed for eCommerce to be PCI 2.x Certified.   We did it because "it's for your own good."  The shift towards everyone using a HomeATM to conduct secure transactions and online banking continues...




There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.



For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password (or typing "anything" into online banking sites or merchant checkout) just because we are "instructed to.")  – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.
So what should these companies be doing to protect us? Graham Cluley, (sounds like he has one...Clu that is) from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

Editor's Note:  HomeATM believes that they shouldn't even be stored.  This is why HomeATM instantaneously encrypts the card details (including the Track2 data).  By doing so the Internet Retailers (IR) never store it, in fact never even handle it. This provides three distinct benefits.  1.  It  keeps the data safe, 2.  instantaneously places the IR within the realm of  PCI compliance and 3. protects the IR from significant fines which would be levied against them by V/MC in the event of a breach.  Those are three pretty significant benefits...but first, we have to eliminate typing. 


But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.



Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else.
"We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kind of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.
As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.
Source: Independent

Reblog this post [with Zemanta]

Disqus for ePayment News