Importance of end-to-end encryption in the retail space

Our attention was caught recently by an interesting article on Retail Week by Verifone, which examined the importance of credit and debit card protection in the retail industry. As Verifone quite rightly points out, the theft of credit and debit card details is a highly lucrative activity and its popularity is growing rapidly worldwide. Indeed, our recent State of Enterprise Security Report revealed that 75% of enterprises have experienced a cyber attack in the past 12 months and that the average associated cost over the year for such attacks was as high as $2 million – some pretty striking statistics.

Furthermore, the nature of credit and debit card theft is becoming increasingly sophisticated, such that retailers will often process a payment transaction and not even be aware that a data breach has occurred – something that could have a serious impact not only on a retailer’s revenues, but also on their brand reputation. With such serious consequences at stake, Verifone states that it is time for companies to go beyond the Payment Card Industry Data Security Standard (PCI DSS) guidelines and secure entry points across the entire transaction chain.

The article has some good advice to offer retailers and, with cybercrime continuing to grow at such a rapid rate, it’s advice that retailers simply cannot afford to ignore.

Dominic Cook

UK ID fraud cases jump a third as malicious insiders turn to cybercrime

ID fraud in the UK increased by nearly a third (31.79 per cent) in 2009, according to a new report from CIFAS, the UK’s Fraud Prevention Service, as compromised identity details continue to be sold over the internet. The report points to an increase in gangs using collusive staff within organisations to steal personal data online for criminal gain. The CIFAS findings are gathered from its 265+ members across industries including banking, retail and telecoms.

Businesses need to be better protected against the dangers of the enemy within, particularly in industries such as finance and banking, where the value of the personal data held in online databases can be incredibly high. Our recent State of Enterprise Security report found that 40 per cent of businesses experienced a high number of internal, malicious attacks in 2009. In addition, a great deal of damage was also done unintentionally by staff, with 39 per cent of IT managers surveyed saying it’s a ‘high’ or ‘extremely high’ problem.

IT security was, for many years, focused on protecting against external threats and attacks. While those threats still remain, a more insidious threat – the malicious insider – has been steadily rising. The fact that cybercriminals are so well networked within UK businesses that they can bring about this kind of ID fraud points to their increased professionalism and savviness.

Symantec recommends that companies assess their policies and processes around employee access to sensitive data, ensuring that access is appropriate for the employee’s position, is enforced and is regularly reviewed. It advises that data loss prevention (DLP) solutions offering protection at the endpoint, network and storage levels can also help.

Andy Ng, Data Loss Prevention Consulting Manager for EMEA

I’m An Employee… Use My Discount

Police in Florida are looking for ‘Plasma Pat’, who hangs around outside supermarkets befriending people and offering to buy things for them using his staff discount card. Of course, when they hand over the money he makes a swift exit and the customer is left there waiting… and waiting… and waiting.

OK, so this isn’t traditional cyber-fraud, but what would happen if Plasma Pat was borrowing credit cards and PINs in order to ‘buy’ the discounted goods?

Moral of the story… if it sounds too good to be true, it probably is. Don’t hand over your money, let alone a credit card, to a stranger who says he can get you a bargain.

Presidents, Senators, You And Me

Another famous name has had their bank details stolen and money taken from their account. This time it’s the French President, Mr. Sarkozy. Of course it is not unusual for people to have their details stolen; we have seen other high profile cases in recent months, where a US senator had their email account hacked and the Chief Executive of a bank also lost money. Of course, if you happen to be you or me, it is unlikely to make the front pages of the news or spark quite the same level of campaign to find the perpetrators.

The interesting point in this latest case is that the thieves skimmed off a little bit of money at a time, rather than emptying the account. The thinking is that you won’t notice a small, regular debit – so over time they make off with more money. What can you do? Simple stuff really:

  • Don’t tell anyone (and I mean anyone) your logon or password details.
  • Regularly change your password.
  • Don’t make your password guessable. (This sounds obvious, but people evidently make them too easy to guess!)
  • Regularly check your statements and query any unknown transactions.
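The last point is the one that actually catches the skimming pattern described above. Below is an added example (not from the original post) of what ‘checking your statements’ can look like when done systematically: it reads a CSV statement export, groups debits by payee, and flags unfamiliar payees that are charged small amounts repeatedly, listing any other unfamiliar debit for manual review. The statement rows, the `KNOWN_PAYEES` set and the column names are all constructed for the example; the thresholds (`max_amount`, `min_occurrences`) are assumptions you would tune to your own spending.

```python
"""Added example: scan a bank statement export for 'salami' fraud, i.e. small,
repeated debits to a payee you do not recognise. Not from the original post."""
import csv
from collections import defaultdict
from datetime import date
from decimal import Decimal
from io import StringIO

# Constructed sample statement (invented data, CSV export style: date,payee,amount).
# Debits are negative, credits positive.
SAMPLE_STATEMENT = """date,payee,amount
2009-01-03,SUPERMARKET,-54.20
2009-01-05,ONLINE SVC LTD,-4.99
2009-01-10,PETROL STATION,-40.00
2009-02-04,ONLINE SVC LTD,-4.99
2009-02-11,SUPERMARKET,-61.75
2009-02-27,GIFT SHOP,-22.00
2009-03-05,ONLINE SVC LTD,-4.99
2009-03-09,BOOKSHOP,-18.50
2009-04-05,ONLINE SVC LTD,-4.99
2009-04-20,EMPLOYER PAYROLL,2100.00
"""

# Payees the account holder recognises (assumed here; in practice built up
# from previous statements you have already checked).
KNOWN_PAYEES = {"SUPERMARKET", "PETROL STATION", "BOOKSHOP", "EMPLOYER PAYROLL"}


def parse_statement(text):
    """Parse CSV text into (date, payee, amount) tuples; Decimal keeps pence exact."""
    rows = []
    for rec in csv.DictReader(StringIO(text)):
        rows.append((date.fromisoformat(rec["date"]),
                     rec["payee"].strip(),
                     Decimal(rec["amount"])))
    return rows


def find_suspect_debits(rows, known_payees, max_amount=Decimal("10.00"), min_occurrences=3):
    """Return two lists:
    - recurring: unfamiliar payees charged at least min_occurrences times, every
      debit no larger than max_amount (the 'skim a little each month' pattern);
    - one_off: every other debit to an unfamiliar payee, for manual checking.
    """
    by_payee = defaultdict(list)
    for d, payee, amount in rows:
        if amount < 0 and payee not in known_payees:
            by_payee[payee].append((d, -amount))  # store debits as positive amounts

    recurring, one_off = [], []
    for payee, debits in by_payee.items():
        if len(debits) >= min_occurrences and all(a <= max_amount for _, a in debits):
            recurring.append({
                "payee": payee,
                "count": len(debits),
                "total": sum(a for _, a in debits),
                "first": min(d for d, _ in debits),
                "last": max(d for d, _ in debits),
            })
        else:
            one_off.extend({"payee": payee, "date": d, "amount": a} for d, a in debits)

    recurring.sort(key=lambda r: r["total"], reverse=True)  # biggest leak first
    one_off.sort(key=lambda r: r["date"])
    return recurring, one_off


def review_statement(text=SAMPLE_STATEMENT, known_payees=KNOWN_PAYEES):
    """Convenience wrapper: parse and scan in one call."""
    return find_suspect_debits(parse_statement(text), known_payees)


if __name__ == "__main__":
    recurring, one_off = review_statement()
    for r in recurring:
        print(f"RECURRING {r['payee']}: {r['count']} debits totalling {r['total']} "
              f"between {r['first']} and {r['last']} - query with your bank")
    for r in one_off:
        print(f"CHECK {r['date']} {r['payee']} {r['amount']}")
```

On the constructed data this reports ONLINE SVC LTD as four £4.99 debits totalling £19.96 over four months, and lists the single GIFT SHOP debit for a manual check. The recurring-pattern rule is deliberately separate from the unknown-payee rule: a one-off unfamiliar charge is often legitimate and just forgotten, whereas a small unfamiliar charge that repeats every month is exactly the pattern that the skimming described above relies on you not noticing.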

National Identity Fraud Prevention Week

This week is National Identity Fraud Prevention Week so with luck you will see items in the press about what you can do. The short answer is simple – guard sensitive and confidential information as if it were your own.

Remember, all information is of value to someone, so look after it and, when you have finished with it, dispose of it properly. Shred old documentation, securely erase old disk drives, and encrypt sensitive information that is leaving company premises (whether it is on a laptop, CD-ROM or backup tape).

Perhaps the best thing you can do is to get the CEO or Managing Director to send an email out to everyone, reminding them about the risks and consequences of losing data. We shouldn’t need a week to remind us of the problems that data loss can create – this is something we need to think about every day.

Whaling And Wailing

The Chief Executive of HBOS has been a victim of fraud after a thief stole his identification details – probably from a bank statement. What does this show? Well, anyone can be targeted and everyone needs to be careful. Whaling is the practice of targeting the people at the top of an organization. OK, so it’s usually done by phishing rather than theft, but the reward for the cyber-criminal is the same – money – with the added benefit that (hopefully) the man at the top has more of it than those further down.

What to do? It all comes down to one thing: protect those paper-based items from the bin rustlers (or dumpster divers) by shredding them. It doesn’t take much to buy a cross-cut shredder, and then it is just a case of getting into the habit of shredding anything and everything with names, addresses and important numbers (bank account details, credit card details, etc.), as well as any of those very annoying ‘you have been pre-approved’ applications for credit cards. Put the shredder wherever you open the post or store old statements, so you do it immediately.

It may sound daft, but you need an Information Protection policy for home (as well as at work), protecting both electronic and paper-based information. It doesn’t have to be long and complex – just a set of simple rules for you and your family. Go out and buy a cross-cut shredder today – you can even get one that will mash up old credit cards and CD-ROMs!

You Are What The Internet Says You Are

So if it says that you are going away and all your belongings are up for grabs… then people are going to turn up at your house and take all your stuff, including a horse – without you even knowing. All sounds a little unbelievable? Well, it happened this week in the US when a hoax advert was put onto Craigslist and people responded while the owner was out at work…

So what does this mean? Gullible people? People believe everything they read on the internet? We are at the start of a new era of fraud? All of the above? The internet can be seen as an interesting social experiment, with social networking and the influence it has right at the forefront. As we move into the next era of web-based technologies and businesses, it will become increasingly important to prove that you are who you say you are – and not what someone else says you are. It will all come down to reputation – protecting and maintaining your own reputation and the reputation of your company… before someone runs off with more than just your belongings.