Cheap, simple ways to beat remote transaction fraud


ISSN 1361-3723 October 2005

Featured this month

Cheap, simple ways to beat remote transaction fraud

Empowering the public

The security risks associated with remote payment transactions are inescapable for banking customers. With investment from financial institutions, the dangers could be much reduced through high-security techniques, but this would be costly for banks and inconvenient for consumers. However, there are some simple, low-cost ways in which the public could protect themselves from fraud. Current transaction processes contain some obvious opportunities for fraud, and blocking such opportunities for credit/debit card theft is essential. Some transaction vulnerabilities are as follows:

• Credit card details can be obtained during a regular card-present transaction.
• Credit card customer records are stored by retailers, which can be hacked.
• Vendors can submit repeat transactions.

A cheap way for consumers to gain more control is to use different cards for different transaction types. Internet transactions and ordinary card-present transactions should not be carried out using the same card, so that fraudulent transactions can be spotted more easily. In addition, it would be helpful if customers received a receipt from their bank every time they made a transaction, which would immediately alert them to any fraudulent transactions occurring on their account. Other recommendations include cutting out the vendor, applying credit limits and so on.

Achilles’ Heel: IM, PDA & Wireless

The Achilles’ Heel in your information security program could turn out to be a devilish detail, such as a rogue wireless node, a lost PDA, or a seemingly innocent Instant Messaging (IM) communication. Applications like IM should therefore be treated like other company applications, such as email. This means IM deserves a similarly complicated password. The same applies to PDAs. Passwords should be retyped every time a connection is made to IM or a PDA. PDAs are powerful devices, and with that power comes risk and responsibility. As staff use PDAs for more and more email and similar tasks, password-protected screensavers should be enforced. This stops opportunist snoopers. Snoopers should also not be given the chance to penetrate company wireless networks. Two contradictory requirements must be met for such networks.

Contents

NEWS
Exit old fashioned phishing - enter hardcore trojans and moles
Credit card companies can keep tight lipped on hacker victims, rules judge
Malware chases the money

FEATURES
E-Commerce transactions: Low cost assurance for B2C E-Commerce
War & Peace in Cyberspace: Wireless, PDA and Instant Messaging: Achilles’ Heel?
PKI Case Study: BACSTEL-IP - One of the biggest PKI projects ever
Hardware embedded security: Designing security into hardware-based products

REGULARS
News in brief
Events

ISSN 1361-3723/05 © 2005 Elsevier Ltd. All rights reserved

This journal and the individual contributions contained in it are protected under copyright by Elsevier Ltd, and the following terms and conditions apply to their use:

Photocopying

Single photocopies of single articles may be made for personal use as allowed by national copyright laws. Permission of the publisher and payment of a fee is required for all other photocopying, including multiple or systematic copying, copying for advertising or promotional purposes, resale, and all forms of document delivery. Special rates are available for educational institutions that wish to make photocopies for non-profit educational classroom use.