The Corliss Group Latest Tech Review: How secure are payment technologies?

New payment technologies have the potential to make shopping online and in store more secure, but banks, tech companies and shops must first move to upgrade their systems efficiently and correctly, say cyber safety experts.

The payments industry is working to make it faster and more convenient to move money around. Yet, if implemented wrongly, this can make life easier for hackers too, the security experts say.

“Many of these evolutionary or revolutionary changes have been driven by convenience and ease of use, and often accepting a certain amount of risk,” says Amit Mital, chief technology officer of security firm Symantec.

Making the purchase of goods more secure is a priority for retailers, banks and payment companies. In the US, where payment card technology is less sophisticated than in Europe, retailers have recently been hit by massive data breaches, in which hackers have been able to steal tens of millions of customers’ card and personal data.

The highest-profile technology to hit the market is Apple Pay, which works with the iPhone 6s. It lets shoppers store their credit card information on their iPhone and pay for goods by tapping the phone on an in-store receiver. Because of a technology called “tokenisation”, experts say it is more secure than current card systems.

With tokenisation, merchants receive data that obscures the shopper’s actual credit card number, reducing the chance that hackers can steal usable data from merchants’ internal systems. Because iPhones use fingerprint recognition to verify shoppers’ identity, it is also nearly impossible for a thief to steal an iPhone and make a purchase.

“We do not see any concern on our side in terms of security,” says Thierry Denis, president in North America for Ingenico, a manufacturer of credit card readers.

But there is a catch. In the first few months after Apple Pay’s launch last year, thieves have been able to take stolen credit cards, load them on to iPhones, and go shopping. They have not compromised the technology, but have got through the banks’ processes for checking — during the Apple Pay set-up — that the customer adding the card to his or her phone is the card’s real owner.

That fraud started showing up within a month of Apple Pay’s launch last year, with the level of fraud seen through the set-up far higher than that typically seen in credit cards, according to Cherian Abraham, a payments analyst who wrote one of the first blog posts to call attention to the issue. Given Apple’s sophisticated technology, the fraud was a “surprise to all”, he wrote.

Mr Mital of Symantec said the recent incidents of fraud on Apple Pay were “more of a failure in process than in technology”.

Joe Majka, chief security officer of Verifone, a manufacturer of point of sale terminals where shoppers swipe their cards, says that better encryption on such devices could be a security “game changer”, if widely adopted.

Like tokenisation, encryption means that hackers cannot make as much use of data they might steal if they are able to get into a retailer’s network.

Retailers have been slow to adopt such encrypted systems for various reasons. Regulations in the US are changing later this year and retailers will soon be responsible for the cost of fraud if they do not accept chip-and-pin cards, which make transactions more secure than when users just swipe their card.

But small retailers do not often see fraudulent purchases and so may be reluctant to spend on upgrading, without realising that their older systems mean they could be giving hackers a way to steal their customers’ data, says Mr Majka.

For larger retailers, making the shift takes work.

“When you talk to merchants and [payment] processors,” says Mr Majka, “there are so many changes in their systems, in their coding, that have to be made to accommodate an encrypted transaction.”

Other innovations featuring purely digital mobile payments via apps also face risks.

Cash-transfer app Venmo, which is owned by PayPal, recently faced media reports highlighting how hackers could access the app to transfer money to themselves.

Venmo has since added better email notifications and is adding multi-factor authentication to make logging in more secure. But the fact that this was already standard on services such as Gmail underlines how companies do not always use the most secure solutions available on the market.

Similarly, while US banks have been rolling out the more secure chip-and-pin cards for many months in anticipation of the regulatory changes this year, they are not yet available to all consumers.

Mr Majka of Verifone replaced his card recently and wanted a chip card. His bank, however, said he would have to wait. “It’s a little disappointing,” he says.

The Corliss Group Latest Tech Review – Protect Your Assets By Practicing Common-Sense Cybersecurity

Let’s get the scary stuff out of the way upfront: Cybercrime costs the global economy $575 billion annually, according to reports. The United States takes a $100 billion hit, the largest of any country, according to Politico. A report from former U.S. intelligence officials counted 40 million people whose personal information was stolen within the past year.

Online theft is huge, and it only seems to be getting worse. Hardly a week goes by without some story about hackers penetrating a computer system somewhere. Corporations, individuals, even White House servers were hacked last week. I sometimes wonder just how difficult it is for a determined bad guy to access grandma’s checking account or your neighbor’s IRA and grab those assets.

I am not the only one thinking about this. New York State Department of Financial Services issued a report on cybersecurity in the banking sector, where more than 150 organizations rely on third-party service providers for critical banking functions. The regulators want the banks to tighten security.

So should you.

We spend most of our time in financial markets looking at ways to deploy our capital: What assets to buy or sell, how much we should save for retirement, whether we should own more of these stocks and less of those bonds.

We don’t spend so much time thinking about the ways we can lose that money — to fraud and to common theft. We should be more vigilant, especially as we move our lives online, with digital access to our checking and savings accounts, our online portfolios, even our taxes.

It is impossible to make yourself hack-proof, but you can make yourself less vulnerable.

It all starts with some common-sense security steps. Three ways you probably can improve your existing practices: Develop better e-mail habits, beef up password security and (as always) remember that your behavior is the root of most of your problems.

Get your e-mail act together

Every day, your inbox fills with all manner of junk. Some of it is merely time-wasting nonsense, but let’s not forget about the really dangerous stuff: phishing schemes, malicious viruses and malware. It seems the only reprieve we get is on those rare occasions when the main servers in Russia — a.k.a. Spambot Central — get temporarily knocked off-line.

It’s more than a huge productivity killer; it’s a financial hazard. That $100 billion a year we mentioned above comes out of everyone’s pockets. Even if you have not been hacked, you are paying for it in some way. Banking costs are higher as financial firms spend hundreds of millions of dollars a year on security.

People have tried a variety of ways to tackle this: Filters, whitelists, e-mail verifiers and trusted ID services; disposable e-mail addresses from sites such as Mailinator; “junk” e-mail addresses from Hotmail, Yahoo or Google. And still the danger keeps coming.

I have a few tricks I use to keep the really nasty stuff under control, such as:

  • View e-mail as plain text.

All of the bad links, embedded viruses and other malware go away when you select “view as plain text.” Sure, you lose all of the graphics and links, but you lose the threats as well.

  • Create a primary e-mail address.

This is your main address — for colleagues, clients and peers. Never share this e-mail address. Don’t subscribe to anything using this address — no Internet mailing lists, no subscriptions, nada. Use this address alone for your finance- and business-related e-mails. Anything unrelated is junk; treat it that way. Block the domains of senders. Mark junk mail as junk.

  • Use an e-mail forwarder.

I have been a big fan of Leemail.me. Instead of giving out my e-mail address, I use Leemail to auto-generate an address whenever I want to share my e-mail with an unfamiliar company. It forwards my e-mail from the company to me. When I want to shut that sender off, I flick a button.

Tracking the companies that share or sell your e-mail address is invaluable. The basic version of Leemail is, astonishingly, free, and the upgrade is only a few bucks a year.

  • Don’t hit “unsubscribe”; get blacklisted instead.

There are a number of companies that provide e-mail services to third parties, shops such as Constant Contact, Vertical Response and iContact. They are the middlemen between businesses and consumers. And while they claim to be “opt-in only” and not spammers, in truth, they are subject to whatever bad behaviors their clients engage in. They all have become legal quasi-spammers.

On every e-mail these companies send, there is an unsubscribe button. NEVER CLICK THAT. When you do, you are not unsubscribing. Rather, you are verifying that your e-mail address is legitimate.

Instead, go to the company Web site and track down the customer service number. Call customer service and insist on having your e-mail or domain “blacklisted.” That’s the only way to ensure you will truly be unsubscribed. If the company refuses, file a Federal Trade Commission complaint.

Password security

If you were like I was five years ago, you had one simple password that you used for everything — Amazon, Facebook, Wall Street Journal — everywhere. This could’ve been disastrous. Now all passwords are different. Avoid the common errors, such as using birthdays or your kids’ names. Never use sequential numbers. And for goodness sake, don’t use “password” as your actual password.

Put all of your passwords on a document named something other than “My passwords.” I find burying passwords somewhere in a spreadsheet to be useful. Print out a copy and place it in your safety deposit box with other important papers.

Your biggest risk? You.

I have said all too often that when it comes to investing, people are their own worst enemy. Behavioral problems are rife in security as well. Get into the practice of thinking about security, and soon it becomes second nature.

The Securities and Exchange Commission has gotten much more serious about personal financial data security. They have informed advisers and brokers that there is a duty to protect client data. When we set up our wealth-management practice, we put into place specific policies and procedures to protect clients:

  • All sensitive information is sent by secure e-mail using a third party for encryption.
  • We never e-mail Social Security numbers or account numbers or other private data via regular email.
  • We went totally paperless. Our file cabinets are empty, everything is cloud based.
  • Any documents that arrive are shredded, so even our outgoing garbage is secure with nothing usable to a thief.

Most of this is common sense. However, many people are still vulnerable. With smarts and a bit of awareness, you can make your financial assets much more secure.

The Corliss Group: White House Cybersecurity Event to Draw Top Tech, Wall Street Execs

Government to Call on Companies to Help Improve Information Sharing as Breaches Get More Sophisticated

President Barack Obama will convene top executives from Silicon Valley, Wall Street, and a number of other industries on Friday in a first-of-its kind cybersecurity “summit” taking place as the government and corporate executives each struggle to adjust to persistent and sophisticated breaches.

Mr. Obama will be joined at the Stanford University event by top officials at the Department of Homeland Security, U.S. Secret Service, and Federal Bureau of Investigation. The officials will call on companies to share more information with the government in an effort to combat future cyberattacks, a plea officials have made for months with limited success.

Mr. Obama’s presence at the event has drawn what has emerged as a Who’s Who of corporate leaders, reflecting a growing acknowledgment that many companies need to rethink their cyberdefenses.

Apple Inc. Chief Executive Tim Cook will deliver remarks about his company’s push toward a more secure payment system, a theme the White House is expected to try to reinforce for other companies throughout the event.

An Apple spokeswoman confirmed that Mr. Cook will be speaking at the summit. He is expected to focus on Apple’s experience with mobile payments. Apple introduced Apple Pay in October, touting a security feature aimed at reducing the chances of credit-card theft.

Mr. Cook will be joined at Stanford on Friday by the CEOs of Bank of America Corp., U.S. Bancorp, American Express, Kaiser Permanente, Visa Inc., MasterCard Inc., and PayPal, who also will speak on panels at the daylong event, along with representatives from Facebook Inc., Google, Intel Corp., and numerous other companies.

Input from these executives is notable, as they collectively hold health, financial, search-engine, and social-media records on tens of millions of Americans. A number of the firms, particularly the technology companies, have sparred with the federal government over privacy concerns in recent years.

To acknowledge those concerns, the White House is expected to make privacy a central theme at the summit, in addition to consumer protection and cybersecurity techniques.

In addition to remarks from Messrs. Obama and Cook, the seven-hour event will include multiple panel sessions, including separate discussions of public-private collaboration, consumer protection, and payment technologies.

The entire event will be live-streamed on the White House’s website.

Senior administration officials see the event as a continuation of two years’ worth of cybersecurity initiatives, but the issue has taken on more urgency in recent months as the number of cyberattacks has increased dramatically. And recent large-scale breaches at Sony Pictures Entertainment Inc. and Anthem Inc. have led to an internal debate among government officials over whether the government should heighten its response to cyberattacks carried out by foreign countries.

Also notably, the White House’s list of panelists and speakers at the summit doesn’t include representatives from many of the large companies that have suffered major breaches in recent years, such as Home Depot Inc., J.P. Morgan Chase & Co., Target Corp., Sony, or Anthem. A senior administration official said these companies weren’t excluded from panels at the event.

Also missing from the list of panelists and speakers are officials from the U.S. intelligence community, such as the National Security Agency and Central Intelligence Agency. Intelligence officials often collect information about cyberthreats, and the White House on Tuesday announced a new office that is meant to collect and analyze their data.

But many technology companies remain skeptical about the operations of these agencies, particularly the NSA. A senior administration official said officials from the intelligence agencies would be at the event, but officials from agencies like the FBI and DHS were tapped to speak because they interact directly with the public to discuss cyber issues.

The Corliss Group Latest Tech Review: Security Experts Offer Online Shopping Tips

As Americans spend billions on holiday shopping this month, online security experts say a little caution can go a long way when it comes to avoiding identity theft.

“In general online shopping is good. It’s safe for the most part, but it’s the safest when you initiate the contact, when you log onto a known website,” said Rick Avery, president of Boston-based Securitas Security Systems.

Directly visiting trusted, reputable online retailers is just one way to attempt to avoid the cyber criminals who try to steal sensitive information from vulnerable computers and unsuspecting consumers.

“There is a risk in commerce …” said Sam Ransbotham, an information systems professor at Boston College. “There is also a risk from walking around with a wad of cash. We’ve got years and years of experience walking around with wads of cash that we just don’t have with these newer mechanisms.”

Purchases at brick-and-mortar stores aren’t immune to data breaches either. Last year, hackers stole data from 40 million credit cards from Target, while cyber thieves got information from 56 million credit cards from Home Depot earlier this year.

To reduce the chances of fraud, Avery advises that shoppers be wary of offers sent via email. Criminals, he said, may send legitimate-looking emails that appear to be from online merchants or banks. Rather than clicking on a link in an email, he recommends directly typing the website address into your browser.

“One of the most dangerous ways people get involved with credit card fraud or theft on the Internet is they get emailed a link offering 50 percent off, or saying it’s from the bank, and it’s actually a false website made to look like the authentic website,” he said.

Cyber criminals can use fraudulent websites to gather financial information from a person or install malware on their computers.

“If you’re shopping around and find an extra, extra really good deal, that might be the online equivalent to buying cheap speakers out of the back of a truck,” Ransbotham said. “If it’s too good to be true, it is.”

Avery also recommends using credit cards or one-time use credit cards instead of debit cards.

“Some banks have protections on a debit card, but not all do at the point of an ATM,” Avery said. “Usually, your debit card is tied to your other banking accounts, and it’s a lot more difficult to get your money back. It may be weeks before you get your money back.”

In some cases, a victim might never get that money back.

The Corliss Group Latest Tech Review: Top tips to stay safe while shopping online on what promises to be one of retail’s biggest days of the year

Cyber Monday is set to be among the biggest shopping days of the year – but how can you avoid becoming the victim of online shopping fraud on Monday?

Experian found that last year saw a huge lift in Black Friday’s significance, with a 19 per cent increase in visits to retail websites (29 Nov) compared to 2012. Cyber Monday is also growing, with a 9 per cent increase last year on 2012’s figures.

Meanwhile, the rise of ‘click & collect’ services, and a greater trust in retailers being able to deliver well in time for Christmas, has resulted in a trend for people being more comfortable leaving their Christmas shopping until a Monday later: Manic Monday, you might call it.

A few things to remember if you are doing the bulk of your Christmas shopping online, according to Experian:

  1. It’s best to use websites that you know and trust. Always look for a security padlock icon in the top left hand corner of a page before you register financial or personal information on a website. And if an online deal you find, or have been emailed, sounds too good to be true, it quite probably is.
  2. Use strong passwords, especially if you have stored payment details, and it’s a good idea to change them every now and then. If possible, install the latest anti-virus and firewall software. If you’re out and about, make sure you can’t be overlooked when you make a mobile payment – be especially careful around wi-fi, even at home.
  3. Keep an eye on your bank and credit card account balances. Your credit report can also show you if there are any irregularities, such as suspect applications for credit and rises in card balances. As a CreditExpert member you can get unlimited views of your Experian Credit Report and alerts to credit activity in your name so you can spot potentially fraudulent activity.
  4. Buying on credit can give you protection. If you buy goods or services on your credit card, you have extra protection if things go wrong (clothes don’t fit, unwanted gifts etc.) compared with paying by cash or even debit card, under section 75 of the Consumer Credit Act.

The Corliss Group Latest Tech Review: Logitech K480 Keyboard Works with Anything You Own

It’s a truth as universal as it is annoying: if you want all your devices to work with a keyboard, you’ll probably need either to buy one for each, to sign on for precisely one device ecosystem, or to get used to swiping in words. Travelers in particular are driven insane by this problem, so Logitech decided, quite cleverly, to solve it with the K480.

Swiss Army Keyboard

There are two problems with modern portable keyboards. The first is, as we noted, device compatibility. Ask anybody who’s had to install drivers just to get a basic keyboard to work: the various device ecosystems out there don’t play well with each other and seemingly want to drive you insane.

Logitech solves this with some clever design. You can switch between three different places to send your words, so that regardless of whether you’re all Apple, or a mix of Apple, Chrome, and Windows, you’ll be able to use the keyboard and get the point across. Basically, if it uses Bluetooth, you’re all set to type.

At The Trough

The second problem is keeping all your stuff organized; you’ve got your phone over here, your tablet over there, and your laptop in front of you… and many keyboards want to be docked solely at your tablet. How does Logitech solve this? Simple: It puts a trough at the top of the keyboard that can easily be used to stand up both your tablet and your phone, and to type away at both of them with ease.

A Keyboard For The Multitasker

Multitasking, or at least sorting through your various tasks properly, can be a profoundly annoying experience, and Logitech deserves credit for looking at how we actually use our gadgets and creating a keyboard that fits in with them. If that’s something you need, it starts at just $50.