Monday, March 19, 2007

Want Someone's Identity? It's only $14!

I found this article and while it has little to do with comic books, it does have relevance to both individuals and businesses in general.

According to the article: “U.S.-based credit cards with a card verification number were available for between US$1 to $6, while an identity — including a U.S. bank account, credit card, date of birth and government-issued identification number — was available for between $14 to $18,” the report said."

The article goes on to explain that this information is becoming easier for hackers to get, thanks to the increasing number of broadband users. Apparently, since broadband users are constantly connected to the Internet, hackers can get in at any time, and often use what they call "zero-day vulnerabilities" to get in. "These vulnerabilities are software flaws that are being exploited as soon as they are revealed and before a patch has been released. Hackers have exploited some of those vulnerabilities by creating malicious documents in Microsoft Office and other software, said Ollie Whitehouse, a security architect at Symantec."

These hackers can also send malicious files that, once opened, give them access to any personal information you might have stored on-line, or allow them to see the information you input when you make on-line credit card purchases.

It MUST be pretty easy information to get, and they must have information on hundreds of people in order for them to be selling this information at such a low price - it's pretty scary.

While we had broadband at home I had my credit card number stolen. My card was in my wallet and I never lost my purse, so I am fairly sure it was taken from the computer. So far that appears to have been all they took, but I do have flags set up on my social security number now. Thankfully I was able to catch it before it got really bad. The bank had to send me a new card and they stopped the charges that were made. However, I am extremely leery of making on-line credit card purchases now.

I also wonder how much liability a business has in such matters. We don't have an on-line store, only eBay and payments come via Paypal, so it really doesn't mean much to us. But what about all of those on-line businesses that collect and save credit card information. What happens if a hacker gets in there and the have customer information stolen? Does the business have some liability in this?

To read the article in full click here.

No comments: