Swipe cards with caution this holiday season

• Tweet
• Pin It

Dalton LaFerney / Senior Staff Writer

The holidays are about to begin, livening malls and quickening the pace of transactions. Black Friday will lift the curtain on shopping season and as shoppers spend, there will be a network of hackers swarming to take private consumer information.

This is nothing unique to the holiday season. Hackers are always on the prowl. They continuously search for unprotected routes to credit cards, debit cards or anything they can use to take money and identities. They are phishing for passages to get inside, and banks and retailers play an expensive game finding them.

Business professor John Windsor said shoppers should not worry about their risks during the holiday season anymore than the rest of the year.

“Your credit card number is getting to more places, so your risk goes up,” Windsor said. “But the company’s behavior is going to be the same year ‘round.”

A worrisome year for businesses

Hackers stole as many as 56 million credit card numbers in September from Home Depot. The same month, sandwich chain Jimmy John’s was hacked. Retail giant Target said earlier this year hackers breached its systems, setting off a year when Goodwill, P.F. Chang’s, Staples, Neiman Marcus and other prominent businesses were compromised.

There are many places security can be flawed. It’s not only companies that are targeted for user information. Banks attract a number of the hackers as well.

“They start with the banks, then work their way down the list of large companies,” Windsor said.

Banks are committed to the protection of client data, offering educational literature and advice to customers, but much of the responsibility is on the cardholder to operate reasonably within the bounds of safety. Wells Fargo, UNT’s bank, is one of many banks that encourages online account oversight.

“Security for an online transaction is the responsibility for the merchant,” Wells Fargo media spokesperson Joe Stroop said. “However, security is at the heart of everything we do for our customers and we continually monitor their accounts for unusual patterns and activity.”

The Secret Service and FBI are among the organizations monitoring fraudulent actives. At each of the 56 FBI field offices, there are cyber squads that chaperon the cause. Cyber Action Teams, a specialized FBI division, coordinate to eliminate threats, but reactivity is only one mean of repelling cyber criminals.

“Trying to catch them is a cat and mouse game,” Windsor said. “For the companies, it’s more of building a fortress. You build all the walls, and then you try to make sure the walls don’t crumble; you don’t have any secret passages. You’re constantly going around trying to patch the walls.”

Defend yourself

Shoppers can improve their odds by building their own fortress. Information technology professor Dan Kim said an important aspect of cyber defense is understanding how the hackers operate. He said hackers take a two-step approach to lifting vital information: footprinting and fingerprinting.

“Footprinting is the preparatory part of the attack protocol,” Kim said. “In this step, they collect information publicly available on the web or other public sources, such as network addresses, URLs of servers in the company network and networking configuration.”

Hackers, using the retrieved data, then begin the fingerprinting phase. Kim said they use tools like port scanners, vulnerability scanners and firewall analyzers to survey networks for weak points to attack. Finally, they attack the vulnerable opportunities within the network, resulting in security breaches like those at Home Depot or Jimmy John’s.

The Jimmy John’s on Avenue A across from the language building. Jimmy John’s was one of several businesses to be hacked. Photo by Devin Dakota – Staff Photographer

“Some companies, particularly small ones, have difficulty paying for the security they should have,” Windsor said. “Security is an expense that doesn’t pay back. You either pay for security, or you’re going to pay a lot more because you were hacked. If I am paying for security, I am not seeing any return on that money.”

In October, President Obama signed an executive order as part of the BuySecure initiative. The White House has set its sights on improving security measures for American cardholders with new technologies and more rigorous oversight by legislators. The president demanded overdue cyber protection for Americans.

Washington D.C.’s efforts to toughen defenses include the use of PIN and chip technology, which are seeing success in Europe. Europay, MasterCard and Visa developed EMV chip technology that reduces access to hackers. By using this chip technology, cards are more secure than the traditional magnetic strip cards. Magnetic strips can easily be mimicked, and consequently hacked and stolen.

“The best thing to do is get changed over to the chip technology and get off the magnetic strip,” Windsor said. “You have an identification on the chip, or an authentication. It is algorithmic-based, so it’s hard to steal. On the strip, there is account information, balance and other odds and ends that are easy for someone to steal, intercept or spoof.”

A Wells Fargo bank on Ninth Street in Durham, North Carolina. “Security is at the heart of everything we do for our customers,” said Wells Fargo media spokesperson Joe Stroop. Photo courtesy of Wikimedia Commons

While lawmakers in the U.S. are pushing back against cyber criminals, hackers in other countries regularly seek American information. Windsor said most of the breaches come from computerists in North Korea, Bulgaria, China and Russia. In Bulgaria, it is not illegal to hack another computer so long as it’s not another computer in Bulgaria, making it perfectly legal to hunt for American information.

“A huge number of the hacks are not on U.S. soil,” Windsor said. “Getting cooperation across those borders is a problem that needs to be addressed.”

While criminals abroad look for ways in, consumers at their home computer can help save themselves. Windsor recommends not saving credit card or other vital information on the computer.

“If I were going to do online banking, I would use a desktop,” he said. “I would make sure my accounts were not stored on the machine.”

Kim said to limit the amount of personal information shared on social media and to visit the scam watch website, www.scamwatch.gov.au, to monitor trending scams and other fraudulent activities. For Windsor, mobile devices pose the biggest threat to user information.

“Get it off your phone,” he said. “The most vulnerable device you have is your phone. There are not very many good virus scanners and protection schemes for the cellphones to begin with, and the phone providers are only providing the lines; they are not providing security on them. They are not a disaster, don’t panic over them, but they are your biggest personal risk.”

\A Home Depot on Carlisle Pike in Mechanicsburg, Pennsylvania. Last September, 56 million credit card numbers were stolen. President Obama signed an executive order as a part of the BuySecure initiative that will improve security measures for cardholders. Photo courtesy of Wikimedia Commons

Both Windsor and Kim advise responsible, practical credit card use. Use cash when possible, and know that debit cards are more susceptible to attack than are credit cards.

“If you’re doing anything over the Internet, or some other open access system, there is always going to be the issue,” Windsor said. “How big the risk will change, but there is always going to be an issue.”

Featured Illustration by Jake Bowerman – Senior Staff Illustrator

• Tweet
• Pin It

Related Posts

• 

  Students share on-campus parking troubles
  Students share on-campus parking troubles
• 

  Students Yell Like Hell for Homecoming
  Students Yell Like Hell for Homecoming
• 

  Gaming company supports Denton with app
  Gaming company supports Denton with app
• 

  Student studies technology’s toll on children
  Student studies technology’s toll on children