Monday, March 16, 2009

Caveat Emptor: Swipe Do Not Type!


Editor's Note:  This article is rather vague but it supports my argument that e-commerce is NOT SAFE in a web browser.  Which is why HomeATM uses hardware to facilitate the transaction. 

How to tell, what to do if computer is infected (AP)  -Yahoo Tech

Computer-virus infections don't cause your machine to crash anymore.  Nowadays, the criminals behind the infections usually want your computer operating in top form so you don't know something's wrong.

That way, they can log your keystrokes and steal any passwords or credit-card numbers you enter at Web sites. 

Editor's Note:  If you Swipe vs. Type then they cannot "log your keystrokes."  


Here are some signs your computer is infected, tapped to serve as part of "botnet" armies run by criminals:

• You experience new, prolonged slowdowns. This can be a sign that a malicious program is running in the background.
• You continually get pop-up ads that you can't make go away. This is a sure sign you have "adware," and possibly more, on your machine.
• You're being directed to sites you didn't intend to visit, or your search results are coming back funky. This is another sign that hackers have gotten to your machine.

So what do you do?  Editor's Note:  The article doesn't really provide any sound advice as to what you need to do... it does, however, make suggestions for "possibly" reducing risk. That said, here's what you "don't do": Never, ever type your card information into a web browser.

Which is why it's surprising/befuddling to read about "cautious acceptance" of a supposed PIN Debit solution which "instructs you" to type in your PAN (as usual, using your keyboard). Once you do that, the supposed solution will be "enabled" to decipher whether it's a card that can be used with a PIN. The question begs to be asked: Who else might be enabled to do the same? If they can do it, so can somebody else (maybe not right away, but sooner rather than later).

Caveat Emptor.  By "instructing you" to type in your card information, you're being led down the wrong path from the get-go.


Here's why.  If you're not leery when, suddenly, a "pop-up" PIN Pad appears out of nowhere... then you should be when you're informed that your computer's keyboard has just been remotely "taken over" and locked.

Why do they do this?  Because it's NOT SAFE to type in a PIN with a keyboard...even though...moments ago, they implied it was safe, to "type in" the card number. 

Am I alone in making the determination that this makes absolutely no sense whatsoever?  What changed?  Is this not an ADMISSION that it's not safe to type in card information using a keyboard?   So now another question begs to be asked.  If their supposed solution is safe, then why would they instruct you to "type" in your PAN, as usual? 

Let's utilize some common sense: since we know that keylogging and clickjacking exist, is there not the very real likelihood that those two existing threats can be combined to create a new one?  Call it "clicklogging."  Until then, hackers can always resort to screen scraping.

Now let's Add It Up.  Hardware is a NECESSITY.  Just as your cell phone (which is hardware) requires a peripheral to charge it, whether it's the charger you plug into the wall or the charger you plug into your car's old cigarette lighter receptacle, a peripheral is a NECESSITY.  The good thing is that plugging a HomeATM SwipePIN device into your PC or laptop is just as quick and easy as plugging in a phone charger.  And there's NO SOFTWARE to download.  The SwipePIN device is truly plug and play.  Not only does it provide end-to-end encryption, but it also encrypts your card's Track 2 data.  The Black Hats hate the idea of a hardware device.  For that reason, security professionals tend to love it.



Back to the story...  

• Having anti-virus software here is hugely helpful. For one, it can identify "known" malicious programs and disable them.  If the virus that has infected your machine isn't detected, many anti-virus vendors offer a service in which they can "remotely take over your computer" and delete the malware for a fee.

Editor's Note: 
The hackers can "remotely take over your computer" for free... (the price you pay comes later, when they empty your bank account(s)).

• Some "anti-virus vendors" also offer free, online virus-scanning services.  Editor's Note:  ALL "virus vendors" offer free, online virus-infection services.  Plus, tests show that anti-virus programs don't really work that well.

• You may have to reinstall your operating system if your computer is still experiencing problems. It's a good idea even if you believe you've cleaned up the mess because malware can still be hidden on your machine. You will need to back up your files before you do this.


How do I know what information has been taken?

• It's very hard to tell what's been taken. Not every infection steals your data. Some just serve unwanted ads. Others poison your search results or steer you to Web sites you don't want to see. Others log your every keystroke. The anti-virus vendors have extensive databases about what the known infections do and don't do. Comparing the results from your virus scans to those entries will give you a good idea about what criminals may have snatched up.

Translation:  You'll know when you start buying things you didn't buy!


