Statistics show that the number of unique undetected malicious programs used to steal money from Internet users has been rising exponentially. What follows is a post I wrote for another day...
April 30,2012: Scottsdale, AZ PIN Debit Blog - Remember back in the "old days" when people used think it was safe to type their credit or debit card numbers into boxes at a website retailers checkout page? I used to laugh (or at least shake my head in disbelief during those days)
I used to remember thinking..."Isn't that the equivalent of writing your credit or debit card number down on a piece of paper and leaving it at the Point of Sale?" (so the cashier could enter it when he/she came back from where he/she was)
Or worse yet, do you remember "the daze" when people were told by their financial institution to "type" their username and password into boxes at said financial institution's online banking site?
What were they thinking? Or were they?
Could you imagine driving or walking up to an ATM to pull out $200 cash and being asked to type in a username and password as opposed to swiping your card and entering your PIN in order to authenticate oneself? No? Then why on earth did they ever initially think it would work for online banking authentication?
Meanwhile, statistics such as the ones above (from 2010) graphically illustrated that the jury was no longer out, and we had all been unanimously found guilty of "innocence" (isn't that a nicer word than "naivety")
Remember all those reports we read (red) where consumers believed that it was either the retailers or the banks who were responsible for securing their cardholder data?
Who "earns" your money? You do right? So why do you think you are not responsible for keeping it safe? Put another way, when you "type" your account numbers into browsers amidst all the reports that it is not safe to do so, why did you think you were not responsible for security?
Again, I always laughed (or at least shook my head in disbelief) at those reports. I remember thinking that if I drove 150 mph without my seat belt on, do I really think the airbag is responsible for my safety and security? Even though airbags can save lives, the chances of it doing so are reduced the more reckless we are.
Alas, now we know better... (don't we?) There's a new school of thought out there...
At the end of the day, common sense prevailed and we realized that it doesn't make sense to hand over our cardholder data on a silver platter (browser) to the bad guys.
Now we know (don't we?) that a separate machine which encrypts the cardholder data at the maghead so that it never reaches the browser is not an option, but a requirement. (if we want to keep our money in our pockets)
What's that you say? We haven't quite learned that yet? Your living in the past dude. Remember, it's 2012 now.
The writing was on the wall as far back as 2009 and with statistics like the one's represented above, we will most certainly get there.
Now I am aware of the old saying that "You can't teach an old dog new tricks", but swiping your card and entering your PIN is not a new trick.
|Remember when people used to Type their Card Numbers Into Boxes on Websites? What were we Thinking?|