26 October 2014


Retired Member


ANOTHER WEEK GONE. ANOTHER DATA DISASTER AVERTED!

08 November 2010

Something happened last week that was so extraordinary, I had to blink and rub my eyes to really believe they weren’t deceiving me!

If you have read my blogs before, you will know I regularly highlight the risks of sending sensitive information via email. I am equally concerned about how businesses protect themselves against external attacks, and negligence.

Today I’ll be focusing on the latter, and use my own involvement in an unfortunate event to illustrate the point I wish to make.

Please note, any companies involved have not been named. Regardless of names, however, this incident demonstrates what can happen when we drop our guard!

I have recently been tasked with evaluating a number of security solutions by my boss – and I settled upon the one I felt best matched our requirements.

Needless to say, I was very keen to initiate a purchase, and preliminary talks were constructive. I even managed to haggle them down a bit on price!

I was feeling good about the purchase, until the seller dropped a bombshell – which changed everything.

They sent me a billing form, and requested I fill in names, addresses and credit card details. I would have an issue with filling this in and sending over email insecurely as it is. But when I opened the document my jaw dropped. There, staring me in the face, was someone else’s full credit card details.

Surely this is just an example of where to enter your details, I thought to myself? Surely they haven’t sent someone’s personal and credit card details to me over email?

After a little bit of digging, I located the biller and the affected business on the Internet. To my horror – and theirs – the information contained on the ‘template’ invoice belonged to another customer and was genuine, including the three-digit security code!

I immediately notified the seller, and encouraged them to speak to the affected business. I'm honest enough to delete such data. But the reality is it was sent to me unencrypted – and the details could now be in the hands of anyone.

It’s little wonder online crime is growing at such a phenomenal rate. I mean, can we honestly blame web gangsters? Aren’t we all guilty of laying everything on a plate for them?

In the new age of austerity, it must be extremely tempting – and even more so than usual – to use details that are so readily and easily available.

This wouldn’t have been a challenge for someone who knew what they were doing, and that's what you ought to find most alarming. For all it requires is someone to use a ‘Packet Sniffer’ – an elementary computer program that hunts and intercepts digital traffic – to intercept confidential mail.

The frustrating thing for me is this incident could so easily have been prevented.

Ah well, it’s just a good job that I am such an honest chap. If I wasn’t I wouldn’t be writing this blog. Instead, I’d be doing my Christmas shopping on Oxford Street, using a credit card that doesn’t belong to me!

The lesson for us all is to remember to:

1. Send a template invoice that doesn’t contain any confidential information;

2. Whenever possible, send an email of this type in an encrypted format.

Thankfully for all concerned, the source of the breach could be quickly identified, and if any fraud had occurred, it would have been traced straight back to me. At the very least, I would have become a starting point for any investigation.

But this is an all-too-common occurrence in UK plc. And it’s about time we all woke up to the fact that emails are not a secure form of communication – unless they are sent in an encrypted format.
