Monday, February 2, 2009

Want to See Something Really Scary?

In a very scary article written by BYRON ACOHIDO and JON SWARTZ in USA Today last week, readers were provided the opportunity to gain some insight into just how unsafe it is to enter your debit or credit card numbers online.

These bullet points should be enough to (rightfully) scare the living bejeezeeze outta you and steer you away from the idea of ever typing in your credit or debit card numbers online again.


Remember: "Don't Type, Swipe"
You're 92 time more likely to be the victim of fraud if you type rather than utilize hardware, such as our personal card swiping device. (see Software Breach 92 Times More Likely Than Hardware Breach)

The good news is that there is a way to "mask" your data and "safely" make purchases online. You have to swipe your own card data before the bad guys do.  The day AFTER this story ran in USA Today, a game changing event occurred. On January 29th, I wrote that HomeATM was pleased to announce that they met PCI 2.0 requirements. When you combine that achievement along with the fact that HomeATM provides End-To-End Encryption (E2EE) protocols, you'll see that there truly is only one way to securely purchase goods online. And that's with HomeATM's online (PIN) debit platform.

Consider the following highlights, er lowlights...from the USA Today article...


  • The number of malicious programs circulating on the Internet tripled to more than 31,000 a day in mid-September...
  • Cybergangs now routinely activate hundreds of accounts by the minute, dedicating them to criminal pursuits.
  • The offense tends to outpace the defense," the FBI said, "The cyberthieves are extremely creative
"This Justin"


They tell the story of Justin Terrazas, 27, a beverage merchandiser from Seattle. Now pay close attention here, so you know what NOT to do. Justin clicked on a Web link that infected his MacBook Pro laptop with a data-stealing program. Not realizing the laptop was compromised, Terrazas later typed his Bank of America debit card number and PIN to pay his Verizon cell phone bill online. The data-stealer swiftly siphoned his information

(Editor's Note: As we've been stating on this blog for almost a year now, NEVER TYPE your Personal Account Number, let alone your PIN while you are online.)


A few days later, someone used Terrazas' debit card account to make a $501.41 online purchase from Modabrand.com, a designer clothing store. The merchandise was shipped to London, leaving Terrazas to unravel a big mess. "This is definitely something you don't need in your life," he said.
  • The boom in cyberthreats that occurred during the last three months of 2008 could accelerate, especially if the economy continues to falter, security specialists say.

  • Organized cybercrime groups have become increasingly efficient at assembling massive networks of infected computers, called botnets, and deploying them to amass large caches of stolen data

  • "There is a well-funded, well-educated horde continually probing for cracks and finding their way in" to consumers' financial information, said Roger Thornton, chief technology officer of security firm Fortify Software.

  • "They are breaching ... the highest levels of the global finance infrastructure and a majority of our home computers."

  • Some cybercriminals have begun to spread malicious programs by corrupting online banner ads. Security firm Finjan reports that new tools being sold on criminal forums can be used to infect online ads that use Adobe's popular Flash player.

  • Last fall, virulent programs called Trojans began to circulate more widely in e-mail and instant-message spam, got embedded in tens of thousands popular Web pages and spread in a widening barrage of online ads. Click on the wrong thing, and you would download an invisible Trojan crafted to steal sensitive data and allow the attacker to control your computer.

  • Unemployed IT personnel potentially can find easy income by purchasingand using crimeware," says Finjan CTO Yuval Ben-Itzhak. "We expect a rising number of people will try.

  • "In the next year or two, these challenges will increase in both breadth and depth of threats," says Larry Ponemon, chairman of Ponemon Institute.
You may remember the "CheckFree is Not HackFree" post, whereby I described how hackers redirected anyone going to their site to a dummy site in the Ukraine? According to the USA Today story, that's just the beginnings of what to expect in the future.
  • "The moral of this attack is that it's so easy to take over your website," Klein says. "I just need to get a hold of your user name and password once. And we all know how easy it is to get your credentials."
Do you really know how easy it is? If you truly did understand the scope of the problem I guarantee that you would never again type your debit/credit card number online. Instead, you would happily acquire HomeATM's PCI 2.X personal card swiping device so you could be protected by both dual-authentication (what you have/your card and what you know/your PIN) and our End-To-End Encryption. None of the threats listed above would have an effect on you, provided you completed your transaction by "swiping your own card" in our personal card reader with built-in PCI 2.0 certiified PIN pad.

Click here
to read the article in it's entirety, (but I think you get the jist) otherwise, click one or more of the 7 links below:
Reblog this post [with Zemanta]

Disqus for ePayment News