Monday, February 16, 2009

Do We Need a New Internet?

In yesterday's New York Times, John Markoff writes that maybe we need a brand new Internet. This time with security... I allude to this article with the sole intent of bringing into perspective why HomeATM has chosen to take a hardware-based (outside of the browser space), end-to-end encrypted approach to e-transactions.

Here are some selected quotes:

  • "Bad enough that there is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over."

  • The Internet’s original designers never foresaw that the academic and military research network they created would one day bear the burden of carrying all the world’s communications and commerce. There was no one central control point and its designers wanted to make it possible for every network to exchange data with every other network. Little attention was given to security. Since then, there have been immense efforts to bolt on security, to little effect.

  • “In many respects we are probably worse off than we were 20 years ago,” said Eugene Spafford, the executive director of the Center for Education and Research in Information Assurance and Security at Purdue University and a pioneering Internet security researcher, “because all of the money has been devoted to patching the current problem rather than investing in the redesign of our infrastructure.”

  • Despite a thriving global computer security industry that is projected to reach $79 billion in revenues next year, and the fact that in 2002 Microsoft itself began an intense corporate-wide effort to improve the security of its software, Internet security has continued to deteriorate globally.

  • Even the most heavily garrisoned military networks have proved vulnerable. Last November, the United States military command in charge of both the Iraq and Afghanistan wars discovered that its computer networks had been purposely infected with software that may have permitted a devastating espionage attack.

To read the NYT article in its entirety, click here

$1 Trillion Lost to Cybercrime...Can Hackers Bail US Out?

According to the numbers provided in a recent report from McAfee, maybe we should be asking the hackers, instead of US taxpayers, to bail us out of this recession.

McAfee, in a recent report entitled "Unsecured Economies: Protecting Vital Information," states that data theft and breaches from cybercrime may have cost businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing the damage in 2008.

McAfee made the projection based on responses to a survey of more than 800 chief information officers in the U.S., United Kingdom, Germany, Japan, China, India, Brazil, and Dubai.

The respondents estimated that they lost data worth a total of $4.6 billion and spent about $600 million cleaning up after breaches, McAfee said.  McAfee CEO Dave DeWalt spoke to CBR about the results and said that the findings suggested the figure around the world could be much larger.

“The findings are startling,” he said. “We believe the potential figure for total losses worldwide could be as much as $1,000,000,000,000 trillion.”

In what has to be one of the dumbest mindsets/perceptions out there, the survey also found that respondents worried more about the damage that leakage or loss of vital information would do to their company’s reputation than about the financial impact. That statement would lead me to respond that if they're more worried about their company's reputation than financial impact, then they should donate all of their gross revenues to the bailout fund. That would help their reputation as far as how US taxpayers would perceive them. C'mon.

The financial impact of a breach could potentially destroy a company...let alone their reputation. Of course there "may" be exceptions, for instance, Kaspersky (now more famously known as "KaperSkyisFalling"), F-Secure (who knew that the F stood for Failure) and BitSecure (are they contemplating rebranding their company as "A BitMoreSecure"?), all of whom were recent victims of the same Romanian hacker's SQL injection/cross-site scripting attack, which allowed him to gain access to key data. They have to worry about their company's reputation because they're supposed to "provide security." On the other hand, ask Heartland Payment Systems if they're more worried, at this point, about their reputation or the financial impact of the breach.

Not surprisingly, McAfee's DeWalt said "that kind of mindset (reputation first, financial impact later) could be very damaging to enterprises." Asked if he felt companies did not fully understand the value of IP, he said: “Yes, it’s all about brand protection, but that is after the fact. Businesses need a much better understanding of what data they have and where it is stored.” He added that a combination of education, technology and government intervention is the key to improving data security.
"This is the number one security concern at the moment." McAfee suggested that the situation could get worse as businesses are put under increasing pressure to reduce costs during the economic downturn. "Reduced spending and staffing levels have led to more porous defenses and increased opportunity for crime," DeWalt said.

China's Credit Card Market - 2008 Report Available


After five consecutive years of growth since 2003, China's credit card market finally started its adjustment in 2008. Since the beginning of the second half of that year, China's banks have been cutting their issuance of credit cards because of the global financial crisis and the degradation of the international credit market, which meant that banks needed to control risks.

As a result, the increase in credit card issuance was down more than 50% from a year ago. But the absolute number of credit cards in China still went beyond 150 million in 2008 in spite of the slowdown in issuance.

The major credit-card brands in China include China UnionPay, VISA, MasterCard, American Express, and JCB.

Their market shares by the end of November 2008 were UnionPay 64.6%, VISA 18.0%, MasterCard 15.2%, American Express 0.7%, and JCB 1.6%. (see graphic on left)

To view the "Table of Contents" from the report, click the link provided below:


Wyndham Hotels Hacked...Cards Compromised

Hack Alert

This is getting a little ridiculous, is it not? Every week there's a new hack. This time you're being warned that if you stayed at a Wyndham Hotels and Resorts property last year, you may want to monitor your credit card statements. They are the "latest" victim, for lack of a better word, of a data breach which has compromised payment card information.

Here's the Press Release

Press Release

February 16, 2009

To our Wyndham Hotels and Resorts guests:

In mid-September, 2008, our company discovered that a sophisticated hacker penetrated the computer systems of one of the Wyndham Hotels and Resorts (WHR) franchised hotels. By going through the centralized network connection, the hacker was then able to access and download information from several, but not all, of the other WHR properties and create a unique file containing payment card information of a small percentage of our WHR customers. The incident did not affect any of the other branded hotels in the Wyndham Hotel Group system. We deeply regret that this incident occurred and are doing everything we can to notify our customers directly, to address and remedy the problem, and, more importantly, to ensure that it does not reoccur.


In addition to ensuring that the hack was immediately terminated and disabled, we promptly retained a qualified investigator to assess the problem and ensure that we had isolated it, and then to help us implement the proper changes to strengthen and improve the security of our connections with each of our WHR branded properties. Further, each of the impacted properties separately brought in a qualified PCI investigative firm to assess and improve the security at each hotel property in the system.

To ensure our customers’ card numbers were protected, we provided each of the payment card companies (American Express, Visa, Mastercard and Discover) with the actual card numbers that were accessed so that these payment card companies could take such action as they deemed appropriate to monitor the use of the cards.

We also notified the Secret Service, as well as several states' attorneys general offices with information about the breach, and continue to work with law enforcement to assist in the investigations of this matter.

Because only payment card information was compromised, we had difficulty locating the names and addresses of the individual customers impacted. Undaunted, we contracted with secure third party consumer reporting agencies to match every active credit card in the United States with the consumer’s name and address and we personally provided notice to those individuals.


Potentially exposed through this breach are guest and/or cardholder names and card numbers, expiration dates and other data from the card’s magnetic stripe. At this time, no criminal identity theft related to the use of the consumer data has been identified. Importantly, we believe that it is unlikely that identity theft will occur because of the limited amount of information that was compromised. Birthdates, SSNs, addresses or other personally identifying information were not kept by the hotels and therefore not part of the compromise. Nevertheless, we recommend that you regularly monitor your card and bank statements and that you promptly report all suspicious activity to the financial institution that issued your card.


Wyndham prides itself on providing exceptional value for our guests. We deeply regret this incident occurred and we will work hard to restore your confidence in our brand.


Kirsten Hotchkiss

Airmiles...Use 'em or Lose 'em

Credit card holders could lose their Airmiles

Millions of people face losing all the Airmiles they have collected through buying with their credit cards and shopping online if they fail to collect any in the next six months.

Airmiles – the UK's longest-running loyalty programme – has written to 1.7 million customers who have 500 Airmiles or more but have not collected any in the past two years, telling them that if they do not collect at least one Airmile in the next six months, their accounts will be closed and they will lose any Airmiles they have accrued.

The company's actions have angered customers, with Simon Calder, the Independent's travel editor, likening the move to banks closing savers' current accounts through lack of activity.

Mr Calder told the BBC: "That's a bit like having a bank account where you're told, 'Ah, well, you haven't put any money in it for a couple of years so we've closed it down and kept your money.'"

Continue Reading at Fair Investment
