Security's Everyman

Thursday, May 17, 2007

Identity Theft on the rise

One of my biggest fears is to have my identity stolen or my financial data compromised. I'm careful about what I do online, and when I do transact financial business online I'm careful to do it only from a PC that I trust and feel confident is free of malware. I check the URL to ensure that it's using a valid SSL cert and that it is the actual URL of the site I want it to be and not a phishing site. I only deal with reputable sites. I never give credit card info to those I don't know. If they won't accept PayPal then I don't buy from them. I don't click on links in emails that point me to financial sites. I always go to the site and navigate manually to the page that I need.

When it comes to physical transactions (ATM cards, debit cards, POS, etc.) I check to ensure that the terminal is properly installed (as much as a visual inspection can do). I check to ensure that it's not a "face plate" over the real scanner that will capture my data. I ensure that I enter my PIN in a way that is not easily seen by others. I shred my receipts and other paper documents that may be used to steal my ID or financial data.

I take all of these precautions and still am in danger of being "tricked" into having my data stolen. This article from PC World points out that the crooks are getting better at getting our data. Of course this has been known for a long time, but now they have card terminals that are identical to those you use at WalMart and other stores. The only difference is that they have a circuit board that captures all card data. Then the crooks come back and get their terminals and your data.

Obviously this isn't easy and it takes skill and planning. It works because it looks and works the same. So now retailers and vendors have to step up their security to ensure that this doesn't happen. They have to develop and put measures in place to ensure that when a "rogue" terminal shows up on the network it won't work. I don't know what they would be because I don't know the specifics of how they work, but I'm sure something such as encryption keys or activation keys that have to be entered prior to them coming online is a reasonable possibility. There must be some way of identifying each terminal and not allowing them to come online until they have been "approved" and entered in the system.

The key here is that if we are going to win this war, vendors have to design their products in such a way that the plug-and-play mentality won't work. Making things easy is great but it doesn't work. It makes us less secure and makes the lives of the bad guys that much easier.


Michael Durnack said...

While I do agree that technology is making it easier for thieves to steal, studies have shown that over 55% of identity theft was controlled by the consumer and could have been prevented if the person had not exposed themselves to the situation.

Those items include leaving personal information exposed or available to friends and family, housekeepers, teenagers' friends, mail sitting in the mailbox, leaving a laptop on the seat of the car in the mall parking lot or at the coffee shop table while you grab an extra creamer at the counter, and the list goes on.

The key is recognizing which social behaviors and vulnerabilities you are exhibiting and changing them.

The ID thieves are exploiting the low-hanging fruit; they do not have to go very far to pick some. It is everywhere and until people start defending their personal information by looking at what they are doing personally, and modify those behaviors.

You are not going to protect yourself 100% due to factors beyond your control, but with some simple changes, you can change the odds significantly in your favor.

merjoem32 said...

And so the dark side of the Internet rears its ugly head... I guess we all just have to live with the danger of identity theft. We need to be careful when we do business online. There are honest people who are involved in Internet marketing but a few just want to have easy money and cause havoc.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.