The New York Times today has an extensive story on the international hacking ring that allegedly stole about 45 million credit and debit card numbers. The network spanned continents, included at least one informant who appears to have played both sides of the fence and after reading it would leave both customers and IT execs wondering just what can they really do to keep personal information secure.
Customers, in my opinion, still pick convenience over security. This may be in part due to the idea that their liability for lost credit cards is only $50, while the liability for lost debit cards depends on when you notice and inform the bank of the loss. The FTC has a website that outlines the loss provisions. I contend that that type of thinking is wrongheaded. Banks and credit card issuers make up the losses elsewhere and all those late fees, penalties and high interest rates are paid by consumers.
Protecting customer identity and credit information is the job of IT in conjunction with whomever is charged with security at a company. Right now, technology favors the hacker. The Internet allows hacking and security hole information to travel at digital speed. If a hacker wants to go buy (or more likely download for free) a packet sniffer or wireless network analyzer, they just go buy one. If you want to buy some products and services to defeat those hackers, you will find yourself in the much dreaded corporate budget cycle.
The old rule about protecting identity states that true identity is a function of something you have (an ATM card for example), something you know (like a password) and something you are (like a fingerprint). Right now hackers seem to have an easy time of getting fake credit or atm cards and matching them up with your password. I think the digital security industry is ready for a return to the past. The smart ID card never caught on in the U.S. because it was seen as too inconvenient. But processor equipped cards can contain all three elements of security. The days of thinking that a credit card and a password can stop today’s tech savvy hacker are long gone.