Monday, December 21, 2009

Happy Xmas and Best Wishes for the New Year

Well it’s that time of the year again and before you know it Xmas will have come and gone. But just thinking about the run up there are many interesting aspects to occupy the mind and for us girls and you guys (eventually) shopping turns into a frenzy. So of course the $64,000 question, do we shop on-line? It’s interesting that a number of my friends have over the last year or so become more and more concerned about the security of using their debit or credit card over the internet to the point at which they have minimised their use to the essentials. As I’ve always pointed out to friends think twice about using a debit card linked to your bank account, the criminal may end up emptying your bank account before you know it. Having a special low value account or a low value credit card significantly reduces your risk against heavy losses and really it goes without saying that getting the bank to put money back into your account is somewhat more difficult than arguing a credit card statement.

It is has been reported by the financial institutions that while online transactions account for about 4% of the total card transactions 50% of card fraud is due to these transactions. It should be noted that the fraud figures really relate to Card Not Present transactions (not cardholder – one hope’s he is actually there) and that of course includes telephone orders.

The trouble is we suffer from ‘Click’ mania, one of my friends compares it to unprotected sex, instant gratification from a friend and it’s only afterwards that we start to worry about the consequences. The email arrives, particularly at this time of the year, from a friend, close or maybe even casual containing a link to something apparently exciting, click here and you will be entertained. The trouble is that all too often we do just that and before you know it some malware has zoomed over the wires/airwaves into your machine. This malware may be frivolous but it can also take over your machine and logging your credit card numbers, bank account details, user names and passwords is just run of the mill stuff for the hacker who sits at home waiting for all the details to arrive.

Of course that's only the half of it we also have professional hackers setting up Phishing and Spearing attacks where they aim emails at all and sundry or some times as in the latter case targeted to specific people, the Spearing attacks are much harder to detect because they can be made substantially unique and operate under the malware detection systems.

Now just think about it for a minute, there is a real risk and it’s already happening to a lot of people that your machine is hosting an alien piece of software that can intercept and override every thing you do and worse, yes it really gets worse, you may be totally unaware of what’s happening.

So where is all this going, well to start with just a recognition that we have a serious problem that’s not going to be fixed any time real soon. We have all heard about the authentication widgets provided by various financial institutions that set out to provide 2-Factor authentication and even a form of transaction signature. The latter is really quite good from a security point of view, they use your financial card to do the cryptography but oh they are so painful to use and I’m not surprised by the negative user reaction. The big advantage is that the keyboard and display form a separate channel to the PC and hopefully have not been attacked by malware.

I want to put it on your Xmas list so here for the gadget zeeks amongst you are some portable USB card reader devices, one for contact smart cards and one for contactless.

They are a joy to hold (please contact our shop if you need one for Xmas) and of course they could be used instead of the calculator sized widget although some trust in the PC is still required but not to the same extent.

Once again, Happy Xmas and best wishes for the New Year from all of us at Smart Card News,

Patsy