In an article written for Compare and Save they talk about Keystroke Logging, the practice whereby a hacker uses malware to monitor their victim's computers in real time and records each keystroke.
Comes in handy for hackers...as long as we keep on typing our supposedly "sensitive" information into boxes at websites. For instance, type in your credit card number and the keystroke logger has it. Type in your expiration date...ditto. Type in your 3 digit CVV and voilla, you hand it to the hackers.
They have their fingers in everything and we use ours to literally provide it for them on a silver platter.
So, why are we typing when that's the problem? I've said it before and I'll say it again. If someone is going to "swipe" your credit card/debit card numbers should you be the one doing the swiping?
They also talk about site spoofing. (cloned websites) Again, HomeATM protects the consumer (and the merchant) from site spoofing because they wouldn't be "typing" anything into a cloned website's box. The bad guys would get 3DES DUKPT encrypted gobblygook. They want to see the numbers...not what they would get if we started swiping our own card details. It's only a matter of time...before everyone realizes how very simple this idea is. In fact, it's so simple, we moved away from writing our numbers into boxes on a piece of paper at a retail store to swiping our card in a credit card terminal in 1978. So why did we go back in time for the web? I love the idea that HomeATM has the only PCI 2.x certified PIN Pad designed for eCommerce use in the world. In time, so will everyone else! In the meantime, watch what happens this Christmas season. The hackers have waited all year for this. For them, it's the most wonderful time of the year.
Here's the short article from Compare and Save....
'Keystroke logging' targets credit card customers
08 December 2009 12:27:23
Swipe Don't Type and Keystroke Logging is Stopped Dead in it's Tracks as there's nothing to Log
Advanced computer hacking techniques used for credit card fraud have been exposed by a new report.
Tech website Pocket-lint.co.uk said that sophisticated financial fraudsters are attempting to capture customers' personal data ahead of the busy Christmas online shopping period.
'Keystroke logging', where a hacker can use malware to monitor their victims' computers in real time, was identified as a common gateway for fraud.
Card criminals are also setting up convincing-looking transaction screens which duplicate the look of well-known shopping websites in order to extract account numbers and passwords from users.
This technique is known as 'site spoofing'.
Figures from IMRG and Capgemini suggest that yesterday (December 7th) was the biggest online shopping day of the year so far. According to the report, sales during the busiest hour for transactions (13:00 to 14:00) were 21% higher than the equivalent hour in 2008.