Sunday, November 23, 2014

Thwart fraud with stronger passwords, new technology

1/22/2014

Recent online security breaches at numerous retail stores as well as at the federal government are enough to make people wonder if any of their personal information is secure. Remedies aren’t as plentiful as most consumers would like.

One recommendation from online security company SplashData is to have more difficult passwords.

Recent online security breaches at numerous retail stores as well as at the federal government are enough to make people wonder if any of their personal information is secure. Remedies aren’t as plentiful as most consumers would like.

One recommendation from online security company SplashData is to have more difficult passwords.

The worst or least secure password is — wait for it — 123456. Hmm, the second least secure password is the reason online companies push so hard for users to have strong passwords with a combination of alpha-numeric characters without consecutive numbers — Password. If users really want to avoid identity theft online then they should move past weak or good passwords and create one-of-a-kind, yet memorable passwords.

The company compiles a list annually of the Top 25 passwords and those lists indicate users aren’t even changing their default passwords from welcome, abc123 and 12345678. Experts in the tech field recommend passwords with a combination of upper and lower case letters, numbers and symbols — and the more characters the better. The worst part is having a separate password for each website and credit card. Customers need look no further than the massive breach of credit and debit card numbers as well as PIN numbers at Target and Neiman Marcus during the recent Christmas shopping season to realize no one is immune to these types of situations. The latest breach was reported to have affected nearly 25 percent of America’s population and took a different path than others by attacking the credit card swipe stations. This breach is a cyber crime, allegedly written by a teenage boy in Russia and executed by others, and is the first step toward selling credit card information to turning a lot of people’s worlds upside down. Two people recently were apprehended with some of the stolen credit card information in their possession.

Those affected can’t do much except for changing their PIN numbers, which hopefully isn’t the same PIN as was used on other credit cards.

Other remedies to the security breaches may lie in legislation at the federal level.

U.S. Sen. Edward J. Markey, D-Mass., wants more done to mandate stronger privacy and security standards across all industries to try and avoid situations of this nature in the future. U.S. Sen. Al Franken, D-Minn., wants more done too since more than half of all cyber fraud is occurring in the United States. Franken and others would like to see U.S. retailers use Smart Chip technology — the same as what is used in most of the rest of the world. Essentially a credit card is embedded with an encryption strip requiring use of a PIN making it more difficult to counterfeit. The EMV cards — named after Europay, MasterCard and Visa — are able to thwart cyber fraud, though users still end up, again, with the challenge of users having to remember multiple PIN numbers.

The other challenge with this solution is the slow adoption of it because of the number of merchants and costs involved in such a switchover. An estimated 5 percent of U.S. credit cards are embedded with the encryption, but it doesn’t matter much until merchants embrace the technology too. We all pay the costs eventually — either through identity theft or mandates for merchants to strengthen their security measures, which gets passed on to consumers.

— Jeanny Sharp,

editor and publisher

comments powered by Disqus