A post relating to this item from Finextra:
17 August 2012 | 8126 views | 2
Aussie police say that hackers targeting merchant computer systems may have stolen half a million credit card numbers and racked up A$25 million in fraudulent transactions.
I am not at all surprised at this. It is sub judice even to discuss what the investigation will reveal; yet I will risk my last cent if it is not an ‘inside job’ with the connivance of the POS folks. It was the butler after all.
The phrase ‘information security’ on Google search throws up 874,000,000 results (0.17 seconds) and the phrase ‘key logger’ 4,690,000 results (0.21 seconds). It is safe to conclude the world is aware of information security and key logging. We have the global population merrily using keyboards for keying in passwords without much of a thought, as this reveals.
I have done internet banking transactions in Canada and India. I see it is much safer in India as compared with Canada. One simple example: on the log-in page the user has an option to select the virtual keyboard to input the user ID and password, a sure protection against ‘key loggers’. I have this noted in my book under the section ‘Trifles that matter’. My Canadian bank still believes the keyboard is the 'way in' for internet banking.
Extending this logic, each POS, ATM or internet banking page can have a virtual keyboard as an option. Alternatively, each transaction that requires keying in a password can have 2 factor authentication: one, the password itself; in conjunction, a ‘One Time Password’ sent by way of an SMS, which together will approve the transaction. This can be a 3 digit randomly generated alpha-numeric key. A more secure option is to shuffle the virtual keyboard from the standard ‘QWERTY’ for each access event. These are all classic examples in the existing paradigm.
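An added example, not part of the original post: a server-side sketch of the two measures described above, a virtual keyboard reshuffled for each access event (the browser reports click positions, not characters) combined with a random one-time code sent out of band. All names, the 120-second lifetime and the three-attempt limit are assumptions, and the password is compared in plain form only to keep the sketch short.

```python
import hmac, secrets, string, time

ALPHABET = string.ascii_uppercase + string.digits  # alpha-numeric keys (assumed set)

def new_layout():
    """Return a freshly shuffled key order for one access event."""
    keys = list(ALPHABET)
    secrets.SystemRandom().shuffle(keys)
    return keys

def decode_clicks(layout, positions):
    """Map clicked positions back to characters; reject out-of-range input."""
    if any(not isinstance(p, int) or not 0 <= p < len(layout) for p in positions):
        raise ValueError("click outside keypad")
    return "".join(layout[p] for p in positions)

class OtpStore:
    """One-time passwords: random, short-lived, single use, limited attempts."""
    def __init__(self, length=3, ttl=120, max_tries=3, clock=time.monotonic):
        self.length, self.ttl, self.max_tries, self.clock = length, ttl, max_tries, clock
        self._pending = {}  # txn_id -> [code, expiry, tries_left]

    def issue(self, txn_id):
        code = "".join(secrets.choice(ALPHABET) for _ in range(self.length))
        self._pending[txn_id] = [code, self.clock() + self.ttl, self.max_tries]
        return code  # handed to the SMS gateway, never to the browser

    def verify(self, txn_id, candidate):
        entry = self._pending.get(txn_id)
        if entry is None:
            return False
        code, expiry, tries = entry
        expired = self.clock() > expiry
        ok = not expired and hmac.compare_digest(code.encode(), candidate.encode())
        if ok or expired or tries <= 1:
            del self._pending[txn_id]  # consumed, expired or attempts exhausted
        else:
            entry[2] = tries - 1
        return ok

def approve(store, txn_id, layout, positions, stored_password, otp):
    """Both factors must pass: password via keypad clicks, plus the SMS code."""
    typed = decode_clicks(layout, positions)
    # Simplification: a real system compares against a salted password hash.
    pw_ok = hmac.compare_digest(typed.encode(), stored_password.encode())
    otp_ok = store.verify(txn_id, otp)  # always evaluated, so the code is consumed
    return pw_ok and otp_ok
```

Because the layout changes on every access event, a recorded sequence of click positions from one session decodes to different characters in the next.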
A shift in paradigm is a necessity. We do have the technology available and it is ubiquitous. You guessed it right the first time. Yes! It is NFC. Google Wallet 2.0 (if I may so call it) is perfect to stymie the growing global community of ‘key loggers’.
I am talking about the front end virtual card with the ‘real’ cards linked in the background. This will ensure privacy and security. The ‘secure element’ that Google talks about, I am sure, is a good safeguard guaranteeing privacy. A quick adoption of this technology will create a welcome unemployment in the ‘keyloggers’ industry.