Thursday, August 28, 2008

More on Hacker's 11

There's been a lot of press relating to the 40 million card breach and the subsequent arrest of the Hacker's 11. In fact, I've done several posts on it myself.

It was all done by something called "wardriving," (
see WarDriving 101) which involves driving through areas with a laptop searching for accessible wireless Internet signals, and then tapping into those systems to install "sniffer programs" that capture credit and debit card numbers as they move through a retailer's processing networks.

Perhaps the worst part of this is that nothing can be done to prevent it from happening again. Members of the international stolen credit and debit card ring, which included some U.S. citizens, were locked up -- but you can't lock up a technique. As long as there's WEP, there's theft.

As I mentioned yesterday, the financial community is heavily regulated (
see yesterday's post "PCI, PCIDSS 101) to protect consumers' data, which is encrypted by law and industry agreement. No one "purposefully" shortcuts that process. But the crooks found a way to insert a data sniffer into the system so that by the time cards were swiped and the information was released from the point-of-sale device, the information already had been snagged.

The industry will devise a solution. But in what amounts to a digital arms race, criminals will figure out a way around it. The Center for Democracy and Technology advises consumers that, as more and more of their lives are processed online, they must take more responsibility as they are handing over personal and financial information.

Editor's Note: I personally, think the solution lies in "NOT handing it over at all" but instead, using HomeATM's Personal PIN Pad for online purchases. The fact is: Anytime you type in your credit/debit card number a consumer is ripe for hacking. Myriad methods to do it, and more and more on the way every day. Maybe we can get the environmentalists to go after the keyloggers or at least have the owls spot them... Seriously, though, entering your credit card information via a keyboard on a PC is asking for trouble. This is why I have spent a lot of time trying to make the case for a personal PIN Entry Device. (
See Reverse Matriculation, Bring the Device Home)

HomeATM is working vigilantly on creating and putting forth a program that will get their Personal PIN Entry Device into the hands of as many consumers as possible. We believe it won't be long before that happens and millions of consumers have one. However, in the meantime, if you absolutely feel the need to purchase something online, keep these two rules of thumb at the forefront of your awareness:

1. When typing in a credit card number, make sure the web page is secured (more secured), as indicated in the URL as https -- the "s" standing for "secure."

2. Do not enter your financial or personal information while using a wireless network. Someone could be sitting outside of Starbucks with a program that is sniffing the information typed into your keyboard and stealing that (and your buck$) right out of thin air.


Those crooks thank their lucky stars that your bucks don't stop there... thank yours that it won't be long before you can be the proud owner of your own personal HomeATM!

Disqus for ePayment News