Regardless of the day and of any technologies in society, there will always be a segment of our population who would rather make their career out of subterfuge instead of putting in a hard day’s work. Unfortunately, that will always be the case.
There is a security leapfrog when it comes to those that are trying to protect our information and those trying to acquire it. As the ne’er-do-wells find some mechanism or scheme to steal our money, the guys in the white hat put in a process or technology to make it much more difficult for the criminal element to succeed. Of course, once this has been done, then the scammers go right to work looking for ways to circumvent the current security scheme.
One thing that has become readily apparent over the past few months is that fraud has become big business.
In the past, many of us had to deal with unsophisticated attempts by the fraudsters. It took no time for the vast majority of us to figure out that it was highly unlikely that we were the beneficiaries of some Nigerian will, or that we had won $5,000,000 in some lottery in which we had never bought tickets. Possible benefits from the fraudulent attempts were low; at the most, an individual might be duped out of a few hundred dollars.
In recent months, it has become evident that these attacks are more planned an d deliberate. Where fraudulent activity in the past was based on the concept of sending out millions of emails containing malware or that contained phishing attacks, there is a new gangster in town, and this one takes a more deliberate and patient approach. Not only is it more cost effective, but I believe that what they are finding is that the potential for reward is much higher.
Where the mindset of electronic fraud has undergone a fundamental change is that instead of attacking the consumer, the targets are now the holders of our data – the corporations that house our identities and financial information in their database. This type of fraudulent activity will become more and more common.
The other aspect of corporate database fraud that makes it more attractive to criminals is that it is an active attempt to break into the company data banks. The unsophisticated fraudulent email approach was very passive. All that the individual could do is to sit there and hope that 1 in a million individuals actually fell for the scheme.
Recent security breaches in the corporate world are not anomalies; these will be more and more common. A couple of months ago, a global player in the recognition & reward sector had their database breached, exposing individual names, addresses and other confidential information belonging to major credit card and reward program customers.
For the past two weeks, the entire Playstation network has been down as there was a significant security breach in their database as well. It’s currently believed that at least 100,000,000 (yes…one hundred million) subscribers were exposed. What makes this even more alarming is that it is believed that this theft of data has included credit card numbers, expiration dates and banking information. When one considers the value of 100,000,000 customer profiles, it becomes evident that for these individuals, even if it took them six months to plan an attack and to infiltrate an organization, the potential benefit far exceeds the cost.
On my way in this morning, there’s something else that I’ve realized and I think that this in an important point to keep in mind. There are many people out there that don’t necessarily purchase goods or services online and perhaps they think that they’re not at as much risk. The thing to consider is that anyone is at risk of having their information illegally accessed if their records appear in a corporate database.
The next time you go for an oil change, or swipe your rewards card at Indigo, or purchase an extended warranty at Futureshop, always keep in mind that the vast majority of your transactions with a company will be recorded in their database.
The sad reality is that all of us need to be continually diligent to checking banking or credit card transactions and doing a periodic review of our credit score and record.
Gone are the days of cash transactions, where a purchase transaction ended with the transfer of goods and cash.. The persistent shadow of fraud is our new reality and it is our responsibility to make sure that we practice due diligence to know who we deal with and how they protect our data.
No comments:
Post a Comment