Thursday, June 11, 2009

The (P)assword Is: Oxymoron

Online transaction security: Tips for staying safe
By Alex Kidman on 09 June 2009

The online economy is massive, with billions of dollars changing hands every single day. Online shopping has brought consumers lower prices, incredibly diverse choice and an ease of buying that simply can't be matched in the physical world.

At the same time, however, it's not without its perils. Any time that much money is changing hands on a regular basis, there will be sharks circling trying to snap off a chunk of cash.

Consultants QPR recently released a report into credit card fraud in which they estimated the cost of "Card Not Present: fraud in Australia (which logically includes all internet-based transactions) was a problem worth $71,578,908 in 2008, a rise of 33 per cent over the previous year.

So, online buying presents challenges to keeping your money safe, but if you're smart, they're challenges that aren't too hard to overcome. 

Online banking

Banks love online banking; it's cheaper for them to deliver than over-the-counter services, and the convenience of being able to check your balances, transfer funds and pay bills online make it a real winner for consumers as well. The Commonwealth bank, for example, is reported to have at least 2.6 million active online banking customers, with a take-up rate of 60,000 more each month.

In order to access your online banking, you typically need your account number and a password. Needless to say, it's a very bad idea indeed to write your password down somewhere that somebody might find it. That doesn't have to be the end of your banking security, however.

To access your account, you'll typically need an username or client number and a password  Some banks extend their security with additional measures, which range from floating on-screen keyboards (which stop automatic attacks that rely on the position of the entry field being absolute) to the ability to have a secondary code automatically generated, either via a security dongle the bank supplies, (Question:  If you hook up your dongle to your Blackberry would it be called a dongleberry?) or even by having the code sent via SMS to your mobile phone.


Picking a secure password (Editor's Note:  Here's a suggestion for a secure password...Oxymoron!  There is NO such thing as a secure password.  Passwords have two functions.  1.  They provide a false sense of security.  2.  They provide jobs for people who email you your password when you forget it.

But when it comes to providing security never forget these eight words:If you type it...hackers can swipe it.

Editor's Note 2:  I have a better idea.  Lets Keep It Simple...how about taking out your bank issued card, swiping it and then entering your bank issued PIN?  No card, No PIN, No access. Sealed with KISS.

Continue Reading at cnet Australia


Reblog this post [with Zemanta]

Disqus for ePayment News