Security Bytes – November, 2015 – Holiday Shopping Tips.
In my previous article, from February 2014, I discussed how to use better methods to secure your credit card information when shopping online. New technology updates have arrived, and it is time to revisit this topic.
With the adoption of digital chips in many cards today, using one’s credit card at stores has become far more secure than ever; however, there are still some pitfalls. Many vendors have not yet become compliant by fully employing the Chip and Signature technology, and many people still have not received their updated cards. In addition, there are a few reports of hackers cleverly creating email and actual paper documents to get an individual to disclose their sensitive personal data under the guise that they are completing a form to “expedite” the delivery of their new cards.
I wish to draw attention to the fact that one should NOT respond to ANY such requests over the phone OR via email or paper mail UNLESS one calls the issuing bank and VERIFIES that the request is legitimate! The technology IS in fact secure, and the criminals know this. The only way (as of this writing) that criminals can compromise security is by social engineering, thereby causing one to give them the information they need to compromise an account. That being said, I also need to strongly advise everyone to re-read my Sept 2014 article on password management and start using STRONG passwords of 16 or more characters! Computing power has moved forward, and criminals know that many people still use simple passwords from the dictionary and possibly demographic information about themselves. Using simple passwords makes getting at your data just a matter of time for a hacker trying to crack your accounts.
I still come across people who reuse the same login and password on multiple sites to simplify their internet experiences. While this DOES make life easier, it is also a very risky practice, since all it takes is the compromise of one site to bring down all the others. Potentially, a hacker could get the login information and then compromise many other sites at the same time. It is also very important to employ the best practice of changing your logins at the most important sites (financial, and any other important site) on a regular basis. This will further secure one’s identity online.
The upcoming year does hold some promise for better methods of online security and the possible movement away from traditional username / password combinations. Already many of our phones have at least the ability to use biometrics (fingerprint) to authenticate you, and I hope to see more innovation in the coming year. It is important for everyone to remain vigilant with their passwords until there is a better method of authentication that is accepted across the board by all vendors.
-Paul Mavrovic, CISSP