The New Payments Platform (NPP) is new infrastructure for Australian low-value payments providing a fast (almost instant), versatile, data-rich payments system for making everyday payments. It enables funds to be accessible almost as soon as payment is received, even when the payer and payee have accounts at different financial institutions.
There is no suggestion that the NPP system is flawed but according to NordVPN it makes it much easier for cyber criminals who steal financial identities — called financial account takeover — to get away with the funds before anyone notices.
Financial account takeover is just that – cyber criminals gather enough information about a victim to dupe banks into allowing them to change passwords and take control of accounts. It is very big business in the US where 15.4 million Americans (up 16% from 2015) suffered personal and financial information breaches. Nearly 40% of those experienced financial account takeovers.
Cyber criminals trawl social media for PII and add it to the great data lakes on the dark web. As a person’s profile builds from various sources (including data breaches from retailers, hotels, government institutions and more) it becomes a target for cyber activity.
Hordes of freelance miscreants buy such data at about US$3 per record (compared to about 20 US cents for untested data breach data) and use it to impersonate and gain control of a person’s identity. They can start by changing the address for service of accounts leading to account emptying, right up to committing crimes in a person’s name.
The Sydney Morning Herald cites Albert van Wyk, the head of fraud at information agency Experian. He expects scammers to step up their attempts to get consumers' private financial information – used to commit fraud – when Australia moved to a real-time payment system under the New Payments Platform (NPP). "As we move closer to NPP I am expecting a considerable amount of additional emails, texts, phone calls to be launched at consumers to try to gain access to their information," he said.
Van Wyk added, "The general man on the street, I don't believe today, has a clear enough understanding of how important it is to safeguard the information that they have and how important it is to not expose that information to either phishing scams, or emails or texts or phone calls that are inauthentic.”
NordVPN says people who shop online are twice as likely to fall victim to identity theft. Many consumers shop online without any added protection, and sometimes even on open Wi-Fi networks, which are very easy to hack.
There are many ways online shopping can become hazardous to any user. For example, a website may be a spoofed fraudulent one set up by hackers to steal data. Or the online store where one shops may not be using a secure encryption protocol to ensure that their customers’ details are safe during the payment process. Or a customer’s account on the shopping site may get compromised, giving the hacker access to the account.
To stay safe when moving money online or shopping, or performing any other transaction that exposes personal details, NordVPN has provided simple tips
The first thing one should always see while making an online payment is whether the payment gateway has an https URL. The "s" in the URL means that it is a secure protocol and your data is encrypted on the site.
2. Stay away from public hotspots
It cannot be stressed enough how dangerous it is to share one’s personal or financial information with any website or any person over the Internet while using a public connection. Public Wi-Fi networks are common hunting grounds for attackers and data snoopers who try to access users’ personal information. Since public networks have negligible security, users should try to avoid using them while making online payments – or if they really must, then they must use a VPN.
3. Use a VPN
VPNs encrypt all the data shared between the Internet and VPN server. The encrypted data is sent through a secure tunnel to a VPN server in the country of a user’s choice, and their real IP address is hidden. VPNs are one essential security mechanism to protect personal online data from prying eyes.
4. Use mobile or e-wallets
E-wallets are said to make online checkouts simpler and more secure. Payment processors, such as Apple Pay, PayPal, Google Wallet and others are already starting to implement this one-click method of payment.
5. Consider a more advanced option: cryptocurrency wallet
For added security, it’s always an option to use cryptocurrency, such as Bitcoin. For example, Blockchain, a technology underpinning bitcoin cryptocurrency, is making it much harder for hackers to decipher financial transactions. Blockchain records financial transactions, and, instead of storing this data in one place, it distributes its cryptographic blocks through the network of computers which makes it much more difficult for hackers to access.
6. Enable two-factor authentication with online accounts
Signing up for two-factor authentication with online accounts makes it harder for fraudsters to steal one’s identity. And even if it’s not foolproof protection from hackers, having a two-factor authentication is better than signing in without it.
7. Add account alerts
Account alerts are another way of self-protection. Whenever there is unusual activity on the account, the account owner will be notified.
8. Stronger passwords
The future of online shopping will most likely involve biometrics — thumbprints and retina scans — which will eventually replace passwords. However, before that happens, the most basic requirement for any online account set-up is using strong passwords. A strong password contains at least 10 characters, lower and upper case letters, numbers and characters. Since they are difficult to remember, password managers can help. Weak passwords make it simple for hackers to break into someone’s account.
9. Clean data from a public computer
If a user is working on a shared device, or especially a public computer, they must delete all the data when the session is finished. This involves deleting browsing history and downloaded files. It’s never a good idea to save passwords on public computers or to enter sensitive information. At the end of the session, the computer must be restarted.
10. Anti-virus updates
A computer must be up-to-date with the most modern anti-virus and firewall software to protect from the newest potential hacker installed malware and viruses that could also be used to steal one’s personal data.
Being vigilant can help a lot when one shops online. Whenever a website requests more information than is usually required, like Social Security number or any other kind of personal information, it usually spells fraud. Users should always be cautious before giving away their personal or financial details anywhere on the Internet.
The infographic below is from Javelin Strategy and LifeLock.