Friday, March 27, 2009

Online Theft Doubles...Fastenating!

FT.com|New alert after online theft doubles

New alert after online theft doubles  By Elaine Moore - Financial Times|Published: March 27

Online shoppers are being advised to protect themselves against a doubling in cyber-crime. Last year, thieves stole more than £50m through website purchases, according to the UK payments association, up from £22m the year before.

And there are now signs that banks may be looking for ways to avoid responsibility for covering these losses. Under the Banking Code, those who have not acted with “reasonable care” to protect their details won’t be protected. However, “reasonable care” no longer means safeguarding PIN details but having up-to-date antivirus software and avoiding malicious emails.  (Editor's Note:  That being the case, good luck!...I have a better idea...why don't the banks step up THEIR security?) 

Banking security expert Steven Murdoch, from the University of Cambridge, says the most effective protection should come from the banks, but there are some things that consumers can do.

(Editor's Note:  Agreed...the most effective protection should come from the banks!  It's time to get rid of the Username: _________  Password: _________  (time is UP)  and time to use "real authentication." 

What better to "authenticate" yourself than to log on to your online banking session by "swiping your card" and "entering your PIN" with a device that is not only PCI 2.0 PED Certified, but also encrypts the Track 2 data?  Can you think of one? 

For more information or to further my case... you can read my post on how
HomeATM Prevents the "Cloned Bank Site" Threat.  It shows how consumers typed in the website of their bank, were brought to a cloned site, entered their username and password into what they thought was the REAL site, and voila!, the fraudsters went to the real site and emptied their bank account.  Never would have happened if the banks customers were equipped with a SAFE-T-PIN device.   Never.

Using the SAFE-T-PIN to log on is the EXACT equivalent of using an ATM in the LOBBY of your Bank.  Not the same as using a satellite ATM down the street...the same as using the one in the lobby....or at a teller for that matter. 

The SAFE-T-PIN is a simple fastening device, it fastens 3DES DUKPT Security to all transactions.  None of the information on the card, the magentic stripe or the PIN is EVER in the clear.  Fastenating...isn't it?  To learn more, click the graphic on the left.


Back to the story from FT.com...


Get Safe Online (www.getsafeonline.org), the government-backed consumer website, is a good place to start. It offers a range of tips and advice.

Emails from unknown sources, especially those with attachments, may contain a virus to infect your computer and steal details, and so should be left unopened and immediately deleted. It is also possible to download software that can protect a computer from attack. The best known packages are those from Norton, McAfee and Kaspersky. These can be found and downloaded from an online search. It’s also a good idea to update the software regularly. Hackers also find to easier to infect computers through old versions of web browsers, so renewing computer program such as Internet Explorer can make it harder for them.

Even so, Murdoch says 80 per cent of viruses go undetected by virus checkers.

Some of the simplest ways to protect the security of bank details online are those that many online shoppers ignore. Using different passwords for online accounts, and making the passwords as complex as possible, can prevent hackers who obtain one password from gaining access to a customer’s details elsewhere.  (Editor's Note:  Can we PLEASE get off this Password bandwagon that's been taking consumers, financial institutions and IT departments for a ride for years?) 
 Read the Article in it's Entirety at Financial Times



Reblog this post [with Zemanta]

Disqus for ePayment News