Tuesday, May 19, 2009

eCommerce Forecast: Cloudy with Data Not in the Clear

Editor's Note: I read this article and it occurred to me that these "types" of articles are part of the problem. They tell you to pick a "secure" password and "never give out your password" to phishers. I suppose that's good advice, but that won't help you if someone either "keylogs" your username/password or fools you into thinking you are at the real online banking site when, in reality, you are at a "cloned" one. Why does a blatantly clear problem need to be "magnified" in order to "see" that the best way to log in to an online banking site is to swipe your card and enter your PIN outside the browser space, whereby it is 3DES end-to-end encrypted by the ONLY PCI 2.0 Certified PIN Entry Device specifically designed for eCommerce and authentication use? Average Cost of a Phishing Attack: $350...Average Cost of our device: $12. Do the math. At the end of the day, passwords are obsolete and articles like the one below need to start messaging that fact...in the meantime, I guess that's my job!

Source: msokorea
Complete item: http://www.msokorea.com/personal-finance/0,6600,404400,00.html

Description:
It is now possible to pay bills, move money between accounts, set up direct debits and standing orders, and even apply for overdrafts and credit all from your own home, all online and on your own PC.

Despite this convenience, for many people there is still a lingering mistrust of the technology involved: will your money be safe if you bank online? The answer is, for the most part, yes - so long as you follow a few basic principles.

Firstly, if you have the option to choose your own password for online services, then make sure that the password you decide on is secure. (Editor's Note: Since "secure password" is an oxymoron, a good password might be "Jumbo Shrimp".) This means that it shouldn't be easily guessable - avoid using the name of your pet or child, for example, and don't use the numbers of your birthday. An ideal password should be easily memorable, but hard to guess, and using a combination of letters and numbers is highly recommended. For example, a good password could be the name of a food you hate, along with a number that is significant in some way to you - e.g. mushrooms37. Such a password would be almost impossible for someone to guess, but will also be very easy for you to remember.

On the subject of passwords, it's vital that you never give out your personal details in response to a 'phishing' attack. (Editor's Note: I would say "never give out your personal details, period, and the best way to make sure you don't is by swiping, not typing.") Phishing is a subject worthy of its own article, but in brief: if you receive an email purporting to be from your bank, asking you to reconfirm your details or to log into your account urgently, then ignore it. It will NOT have been sent by your bank, but by fraudsters attempting to steal your identity.

Another important security measure is to avoid logging in to your online banking service on a publicly accessible computer - for example, at work or in an internet. You can never be sure what details about your internet use are being stored on a PC you don't own, and even if you log out of the service when you've finished it's highly possible that the next user of the machine could, with effort, discover your details and log on to your account. (Editor's Note: EVERY computer is "publicly accessible", even the one in your house. It's just that the "public" is more accurately defined as "hackers".)

Remember: When it comes to hackers: You type, they swipe...but when "You" swipe, you're not their type.
