Portals and Rails

About


Portals and Rails, a blog sponsored by the Retail Payments Risk Forum of the Federal Reserve Bank of Atlanta, is intended to foster dialogue on emerging risks in retail payment systems and enhance collaborative efforts to improve risk detection and mitigation. We encourage your active participation in Portals and Rails and look forward to collaborating with you.

« Do Cyberattacks Threaten Confidence in Our Payment Systems? | Main | It's Time for Better Online Authentication Solutions »

April 22, 2013


Are You the Weakest Link?

Okay, maybe not you and maybe not me—unless we haven't heeded the three suggestions provided by my colleague in a recent post. Banks, processors, transaction networks, acquirers, and other stakeholders in the financial payments ecosystem are waging a daily battle against a wide range of antagonists who are constantly seeking ways to access computer systems illegally These criminals are trying to get confidential data, disrupt operations within the company and for its customers, achieve financial gain, or simply seek notoriety for their achievement. By not following a couple of easy steps, are we compromising the battle for the banks and other institutions?

You and I—the consumers and the end users—are important elements in the overall payments ecosystem. It is generally for our use, of course—so that we can access our accounts or perform our daily financial chores conveniently and efficiently—that the other stakeholders are running the various financial applications. If it weren't for us, I think their jobs in protecting their systems would be much easier.

So how are we the weakest link? A basic tenet of security that we often mention in Portals and Rails is that experienced criminals attack the weakest points in the system. Why worry about picking the lock on the highly visible front door when there is an unlocked window at the back? Unfortunately, despite all the research surveys that report consumers' greatest concern about performing mobile or internet electronic transactions is their privacy and the security of the transaction, the evidence clearly demonstrates that, while they may "talk the talk," they often don't "walk the walk."

Panda Lab's 2012 annual report estimates that one-third of the personal computers in the world are infected with some type of malicious software (malware). So how do these computers get infected? The users are not following proper security guidelines when they are using their computers or smartphones. Critical unsafe behaviors include:

  • Not using antivirus software or not keeping it updated
  • Not using a firewall or disabling the firewall that might have been included in a device's operating system
  • Poor password security—using easy-to-guess passwords, using the same password on multiple applications and devices, allowing passwords to be stored in a device
  • Not updating software—software vendors frequently post software updates when they become aware of security problems, especially such utility software as Flash and Java
  • Visiting unknown websites, often through links on social network website pages, that contain hidden viruses

Here at the Federal Reserve, a combination of recurring education and required security tactics are used to minimize the risk of such poor practices by users such as me. I won't detail those techniques because that could compromise aspects of our network security, but when I place my personal computer, smartphone, and home network against those same criteria, I certainly see some ways in which I have been less than diligent and need to change my habits. What about you?

Be sure to read the Risk Forum's recent paper on account takeovers and how less-than-adequate Internet security practices of a few individuals and businesses can contribute to criminals' ability to obtain sufficient personal information and account credentials to conduct account takeovers and steal your money.

David LottBy David Lott, a retail payments risk expert in the Retail Payments Risk Forum at the Atlanta Fed

April 22, 2013 in consumer fraud, consumer protection, malware, online banking fraud | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01053688c61a970c017d430443c3970c

Listed below are links to blogs that reference Are You the Weakest Link?:

Comments

Post a comment

Comments are moderated and will not appear until the moderator has approved them.

If you have a TypeKey or TypePad account, please Sign in

Google Search



Recent Posts


December 2014


Sun Mon Tue Wed Thu Fri Sat
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Archives


Categories


Powered by TypePad