The big bank cyber cover-up

15 04 2015

Something that I have long suspected (and been aware of) is that banks don’t like admitting when money goes missing. It doesn’t matter if it is their money, or yours and mine, the point is if anything goes missing it looks bad for an institution that is supposed to be your secure holder of money. It really doesn’t matter the circumstances either, be it with a dodgy employee doing something naughty at the cashier’s desk, or customers being subjected to cybercrime and fraud, the fact is the bank won’t report it…This thought of mine is backed up by a statement made by the City of London Police chief Adrian Leppard, claiming that he believes up to 80% of online crime goes unreported. Have a read of this article in finextra http://www.finextra.com/news/fullstory.aspx?newsitemid=27226

The challenge

So why is cybercrime growing so massively? The simple fact is, something I’ve been complaining about for a long long time now, is that no matter what you do, you cannot secure something that is inherently not secure. What do I mean? Well card details are not secure. They are printed on the thing, nothing sophisticated is needed to get hold of card details at all. This means card schemes, banks, payment service providers, online payment gateways, businesses, all have to spend vast amounts of money on trying to prove that those card details (at the point of a purchase) are in the hand of the owner. The simple fact that I can get those card details so easily, means that for a person willing to undertake some cyber fraud or card fraud in general, it’s easy, it’s a weak point in the system.

My point is proven even when you add technology upon technology upon technology. Just look at the recent issues with Apple Pay. Apple, claiming the system is so secure is actually not a million miles away from the truth, if Apple could secure the card details that were added to the device, but since these are not secure in any way shape or form, it’s easy to just add other peoples card details to my own Apple device and away I go…

The solution?

The solution is so blatantly simple it frustrates me. Move away from Cards! We don’t move away from cards because of the cost of the card scheme infrastructure, an infrastructure that is so massively outdated in today’s cyber world. Card schemes are simply easy pickings for cyber fraudsters.

When I say move away from cards, I don’t mean just replace the physical card with your phone, ala Apple Pay, I mean ditch the scheme itself. There really is no need for a card to be required in a transaction, this is proven by a number of mobile payment technologies out there that move away from card schemes and look at their own scheme effectively, utilising “e-money”. These businesses / schemes have a massive opportunity to provide security that simply removes fraud, build technology built with modern day living security in mind, and all of a sudden, the fraudster’s life is much much harder. If you detach from the dependency on a card scheme, you have payment systems that are secure, you reduce fraud, you reduce risk, and you drastically reduce the cost of a transaction for a business, and ultimately the cost of products / services consumers purchase.

The only issue, business adoption, educating businesses of the benefits to them, the cost savings and the difference in user experience. That’s the massive challenge, something why mobile payment start-ups are failing. Business owners simply don’t have the time to be educated on this stuff….

So the company that cracks that nut, could get a new scheme out there and start reducing the levels of cyber-crime….Sure the banks eventually will like that idea!

Advertisements




Want security? Privacy? Respect for Data Protection? Then Boycott Google…

1 06 2010

I think this last week has made me realise that, though Google offers so many great things in terms of their search engine and even some software, I have had it with them as a company and will no longer use any of their products….To put it bluntly, they simply don’t have any consideration of peoples personal data or any morals when it comes to collecting data and information that they simply shouldn’t, even if its the law…

For sometime Google has been accused of, well let’s say, tracking what people do on line and gathering personal information without consent. Recently there has been a number of issues linked with their own gMail etc. Then we come to the “street view” issue, which so many people in the UK objected too, and yet Google carried on no matter what….

Street view

Here in the UK many people and groups objected to the Google street view project. A number of national papers also voiced concerns of the project, however, Google seemed to be able to say “tough” and get on with it. Though there were a few changes made to the images that showed up online (for privacy) basically Google got to do what it wanted. However, from the same project, we hear that Google was also spying on people’s personal Wi-Fi connections, their online activities and wherever possible, gathering personal details such as eMail accounts. To top it off, Google didn’t feel there was anything wrong with this and didn’t even bother to inform local councils etc this was actually going on…(Probably because they knew this wouldn’t be approved).

Though Google now apologise for the incident, I don’t believe they will be deleting any information gathered and have only apologised for it since their PR agency has said its the thing to do… In addition they seem to come out with any number of excuses for their actions, all of which to anyone with any experience within the IT world will say is a load of old ****…

Regulations…

What amazes me is that Google manages to get away with things that many of us wouldn’t dream of doing. It makes me wonder, that if Microsoft had attempted this, that no doubt we would be hearing of massive court cases, the break up of Microsoft etc etc. Yet Google gets away with pretty much anything… In an age of ID theft, it amazes me that there are no real strong regulations in place to crackdown on Googles actions, but to top that, Googles attitude to privacy and the whole issue amazes me even further…If an individual was caught carrying out Googles actions, I am sure we would be seeing a prosecution of some kind….

I strongly believe that international bodies need to get to grips with what is technically possible, and more important what is ethical and basically should be against the law (if it isn’t already).

More things of concern…

Google has its own Browser and shortly, its own Operating System. Now just think what sort of information they could steal from you if you use their OS? I maybe being cynical but Google must be seen in this way simply because of its previous actions and record on data privacy. I wouldn’t trust Google Chrome browser or OS no matter what is said, to top it off, they aren’t even great products!

What can we do…

Well, ask yourself why is Google doing all this? Simple, it wants to know as much about us to sell on the details, perhaps not literally, but for sure in terms of advertising. The more Google knows about us, our actions, our connections and our habits, the more it can charge for its advertising and start to push these adverts and its own services on us. Which in turn makes Google a lot of money. Googles line will of course be something along the lines of “to provide the best service we can”, but again, any businessman will tell you, that the service argument is so they can sell more advertising…

I feel most average internet users don’t understand the situation, that Google provides “free services” because it makes its money through advertising, and it snoops on us to increase that revenue and revenue potential.

So what we can do as users? Simple. Stop using Google products and services. By doing this Google doesn’t have access to your internet habits or mobile habits and your personal information. If you have gMail move away from it, if you use Google as your search engine switch to Bing, Yahoo or ask (don’t be fooled that Google is by far and away the best search engine out there). If you use Chrome switch to FireFox or IE, and if you are tempted by Chrome OS, get Windows 7… The more people that do this the less of a captive audience Google will command, which means less advertising revenue for them…

The way Google behaves as an organisation and the lack of real regulation and action against them,  means this is the only way in which to make your own information safe and to make Google stop.

I for one will not be using any of their services and products again….