Security Market Segment LS
Wednesday, 22 February 2017 11:52

Real-time payments a boon to cyber criminals

By

The New Payments Platform set to be introduced in Australia this year could give cyber criminals instant access to transferred funds and limit banks' ability to stop suspect transactions.

The New Payments Platform (NPP) is new infrastructure for Australian low-value payments providing a fast (almost instant), versatile, data-rich payments system for making everyday payments. It enables funds to be accessible almost as soon as payment is received, even when the payer and payee have accounts at different financial institutions.

There is no suggestion that the NPP system is flawed but according to NordVPN it makes it much easier for cyber criminals who steal financial identities — called financial account takeover — to get away with the funds before anyone notices.

Financial account takeover is just that – cyber criminals gather enough information about a victim to dupe banks into allowing them to change passwords and take control of accounts. It is very big business in the US where 15.4 million Americans (up 16% from 2015) suffered personal and financial information breaches. Nearly 40% of those experienced financial account takeovers.

All that is needed is enough “pedigree” personally identifiable information (PII) like date of birth, wife/mother’s maiden name, pet’s name, social security number (in the US), driver's licence number or any of the so-called secret answers to questions usually asked by financial and government institutions.

Cyber criminals trawl social media for PII and add it to the great data lakes on the dark web. As a person’s profile builds from various sources (including data breaches from retailers, hotels, government institutions and more) it becomes a target for cyber activity.

Hordes of freelance miscreants buy such data at about US$3 per record (compared to about 20 US cents for untested data breach data) and use it to impersonate and gain control of a person’s identity. They can start by changing the address for service of accounts leading to account emptying, right up to committing crimes in a person’s name.

The Sydney Morning Herald cites Albert van Wyk, the head of fraud at information agency Experian. He expects scammers to step up their attempts to get consumers' private financial information – used to commit fraud – when Australia moved to a real-time payment system under the New Payments Platform (NPP). "As we move closer to NPP I am expecting a considerable amount of additional emails, texts, phone calls to be launched at consumers to try to gain access to their information," he said.

Van Wyk added, "The general man on the street, I don't believe today, has a clear enough understanding of how important it is to safeguard the information that they have and how important it is to not expose that information to either phishing scams, or emails or texts or phone calls that are inauthentic.”

NordVPN says people who shop online are twice as likely to fall victim to identity theft. Many consumers shop online without any added protection, and sometimes even on open Wi-Fi networks, which are very easy to hack.

There are many ways online shopping can become hazardous to any user. For example, a website may be a spoofed fraudulent one set up by hackers to steal data. Or the online store where one shops may not be using a secure encryption protocol to ensure that their customers’ details are safe during the payment process. Or a customer’s account on the shopping site may get compromised, giving the hacker access to the account.

To stay safe when moving money online or shopping, or performing any other transaction that exposes personal details, NordVPN has provided simple tips

1. https

The first thing one should always see while making an online payment is whether the payment gateway has an https URL. The "s" in the URL means that it is a secure protocol and your data is encrypted on the site.

2. Stay away from public hotspots

It cannot be stressed enough how dangerous it is to share one’s personal or financial information with any website or any person over the Internet while using a public connection. Public Wi-Fi networks are common hunting grounds for attackers and data snoopers who try to access users’ personal information. Since public networks have negligible security, users should try to avoid using them while making online payments – or if they really must, then they must use a VPN.

3. Use a VPN

VPNs encrypt all the data shared between the Internet and VPN server. The encrypted data is sent through a secure tunnel to a VPN server in the country of a user’s choice, and their real IP address is hidden. VPNs are one essential security mechanism to protect personal online data from prying eyes. 

4. Use mobile or e-wallets

E-wallets are said to make online checkouts simpler and more secure. Payment processors, such as Apple Pay, PayPal, Google Wallet and others are already starting to implement this one-click method of payment.

5. Consider a more advanced option: cryptocurrency wallet

For added security, it’s always an option to use cryptocurrency, such as Bitcoin. For example, Blockchain, a technology underpinning bitcoin cryptocurrency, is making it much harder for hackers to decipher financial transactions. Blockchain records financial transactions, and, instead of storing this data in one place, it distributes its cryptographic blocks through the network of computers which makes it much more difficult for hackers to access.

6. Enable two-factor authentication with online accounts

Signing up for two-factor authentication with online accounts makes it harder for fraudsters to steal one’s identity. And even if it’s not foolproof protection from hackers, having a two-factor authentication is better than signing in without it.

7. Add account alerts

Account alerts are another way of self-protection. Whenever there is unusual activity on the account, the account owner will be notified.

8. Stronger passwords

The future of online shopping will most likely involve biometrics — thumbprints and retina scans — which will eventually replace passwords. However, before that happens, the most basic requirement for any online account set-up is using strong passwords. A strong password contains at least 10 characters, lower and upper case letters, numbers and characters. Since they are difficult to remember, password managers can help. Weak passwords make it simple for hackers to break into someone’s account.

9. Clean data from a public computer

If a user is working on a shared device, or especially a public computer, they must delete all the data when the session is finished. This involves deleting browsing history and downloaded files. It’s never a good idea to save passwords on public computers or to enter sensitive information. At the end of the session, the computer must be restarted.

10.  Anti-virus updates

A computer must be up-to-date with the most modern anti-virus and firewall software to protect from the newest potential hacker installed malware and viruses that could also be used to steal one’s personal data.

Being vigilant can help a lot when one shops online. Whenever a website requests more information than is usually required, like Social Security number or any other kind of personal information, it usually spells fraud. Users should always be cautious before giving away their personal or financial details anywhere on the Internet.

The infographic below is from Javelin Strategy and LifeLock.

JA 1

JA 2

JA 3

JA 4 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments