Given the recent headline-grabbing breaches, in this month’s debate information security professionals discuss whether or not money is safe online.
Jen Andre, chief scientist, Threat Stack
If you make electronic transactions in any form, your money is already online. It doesn’t matter if you never enter a credit card into an e-tailer and only shop brick-and-mortar. No business operates without connectivity to the internet. The point-of-sale breaches at Target and Home Depot deeply illustrate this. Such breaches are not going to stop happening, and nearly every retailer (online or not) will be vulnerable to them in some way.
Given that reality, consumers have some onus to be savvy in choosing who they do business with – and how – to protect their own finances. Fortunately, technology is making advances to help us. Text messages and mobile apps make it easy to monitor your bank and credit card statements, and get alerts instantly when something is suspicious. With the increase of computing power and the rise of machine learning and Big Data, fraud detection is getting faster and better. New payment technologies are reducing the attack surface for potential credit card thieves and ensuring all transactions are safer.
Cameron Camp, security researcher, ESET
Unless they have protections, digital awareness and training, consumers expose themselves to risks while banking or purchasing products online. Consumers must learn to choose passwords wisely, change them frequently and limit their exposure. They must also keep sensitive personal information, bank account numbers and passwords in unencrypted form off their phone.
On the institutional side, memory scraping on point-of-sale and other related technologies will remain a scourge to payment card participants. Financial institutions view theft in terms of “risk management,” not specifically stopping theft because it’s bad. That is, they assign a value to fund loss and attempt to manage that relative to security purchases. If that equation is at an acceptable level, they feel a measure of success and proceed to other issues. Consumers, on the other hand, think an acceptable level of “loss” would be zero. Lack of full disclosure on breaches and/or delayed reporting weaken security and trust across the landscape in the interest of brand protection.