But I am Protected?

[tw]

A problem probably on both sides of the pond. From the BBC of 25 Mar 2007:

Quote:

Many net users 'not safety-aware'
Fewer than half of the UK's 29m adult internet users believe they are responsible for protecting personal information online, a survey suggests. One in six of the 2,441 people surveyed felt responsibility rested with banks.

The research, for a government-backed online safety campaign, found 12% had suffered online fraud in the last year - at an average loss of £875.

The same number (5%) had experienced fraud while shopping online as had had their bag, wallet or mobile stolen.

What happens if someone gets access to your brokerage account and pilfers it? You are 100% responsible for the losses. Brokerage need not reimburse you for any of $hundreds of thousand in losses. That is the law.

Where are best places to phish for such account passwords? Libraries, hotel computers, etc. Simply put spywear (keystroke recorders) on those computers and wait for a nibble. Keystrokes are recorded, sent overseas, and you brokerage accounts are suddenly empty. Libraries, hotels, and other public computer locations routinely make little effort to clean their machines.

Worse are the so many who automatically assume they are protected.

[bluesdave]

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid.

[xoxoxoBruce]

He' preaching to his lurking minions, Dave.

[piercehawkeye45]

Quote:

Originally Posted by bluesdave

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid.

True, but what would happen if you didn't have enough money to buy your own computer?

[Shawnee123]

Quote:

Originally Posted by piercehawkeye45

True, but what would happen if you didn't have enough money to buy your own computer?

lol...then perhaps internet broking is not their forte!

[BigV]

Quote:

Originally Posted by bluesdave

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid.

"Never underestimate the power of human stupidity." - Robert Heinlein.

You do so at your peril.

Symantec reports

Quote:

Threats to Confidential Information on the Rise

For the first time, Symantec tracked the trade of stolen confidential information and captured data frequently sold on underground economy servers. These servers are often used by hackers and criminal organizations to sell stolen information, including social security numbers, credit cards, personal identification numbers (PINs), and e-mail address lists. During the last six months of 2006, 51 percent of all known underground economy servers in the world were located in the United States. U.S.-based credit cards with a card verification number were available for between US $1 - $6 while an identity, including a U.S. bank account, credit card, date of birth and government issued identification number, was available for between US $14 - $18.

This blew my mind. I can get your (or somebody's, maybe not "yours") credit card information for a couple of bucks. An "identity" is less than $20.
...

Quote:

Increase in Data Breaches Help Facilitate Identity Theft

Confidential information used in identity theft is often confiscated as a result of a data breach. During the reporting period, Symantec assessed data breaches that resulted from hacker activity, the theft or loss of computer hardware, and security policy failure. Data breaches and the potential use of confidential information for identity theft can result in a loss of public confidence, legal liability, or costly litigation. The majority of global data breaches affected the government sector, accounting for 25 percent of the total. Government organizations may be considered a prime target as they often store data in many separate locations making it accessible to various people, and thereby increasing the opportunities for attackers to gain unauthorized access.

It doesn't even have to be your "fault". If your data is out there, it's at risk.

[tw]

Quote:

Originally Posted by bluesdave

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing?

Same people who also use the same password for everything.

I created a form so that each can enter (either via Word or using a pen) unique passwords for each web site (along with lock combinations, vehicle key number, etc). Not one uses it.

Meanwhile, public computers are used frequently for anything. Even if not accessing financial records, that common password is obtained.

[bluesdave]

Quote:

Originally Posted by tw

Same people who also use the same password for everything.

I know that some people do, but I have two Net banking accounts (two banks), and each one has a unique id (one bank actually has two), that have nothing to do with my name. These ids must be entered along with the password. One of the banks uses a virtual keyboard for the password. So knowing the password alone, is not enough.

But I agree with you that some people are stupid enough to use the same password for everything. I try to mix mine up, and as far as I recall I do not duplicate a password.

Access Manager is a safe and secure *free* program that I use to store my personal information. It is a Windows program and requires the dot Net framework to be preinstalled, so I know that it will not be usable by everyone here, but many should be able to.

[Sundae]

Quote:

Originally Posted by tw

Same people who also use the same password for everything.

Meanwhile, public computers are used frequently for anything. Even if not accessing financial records, that common password is obtained.

It's true in my case - I use the same password for virtually everything because I don't want to come back to something a year later and not be able to remember it. And then the username is taken, but I can't get the password sent to my email because that has changed, blahblahblah.

Although I have to point out, the worst someone can do with my details is impersonate me on a forum, get promotional cinema tickets or check train times. Not having a credit/ debit card means I look over my shoulder a lot less. I no longer have an internet banking account (when I did in the 90s the password was my first boyfriend's road name - no connection now!) and I was only ever asked two letters from it, as well as another security question.

The only place someone could do vindictive harm now is my ebay account - which has a separate password.

[Undertoad]

Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

[BigV]

Quote:

Originally Posted by Undertoad

Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

This is new. Annoying too.

[lumberjim]

Quote:

Originally Posted by Undertoad

Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

AND virtual keyboards to confound keyloggers. i can take a little annoyance, i think

[BigV]

Quote:

Originally Posted by lumberjim

AND virtual keyboards to confound keyloggers. i can take a little annoyance, i think

Sure. Riiiight.

Here's my take on your observations.

I find the phrase "Virtual keyboard" positively gravid with the potential for the worst kind of abuse, that being a false sense of security. I *think* I can imagine something like you're talking about, that does confound keyloggers, but I can easily think of several ways to call it the same thing that does nothing of the sort.

The sad reality is that convenient and secure practically never live in the same box. They are in inverse proportion to each other. And in those rare scenarios where both values are high, they got that way by adding a lot of money. Convenient, secure, inexpensive. Pick any two, but only two.

What most users find is that something that is annoying will not be used. And the bad guys know this too. Your threshold for annoyance is different than other people's threshold, but it is a difference of degree only. And you have your limit too, as I do, as we all do. Heck, even the lady at the bank told me that she deals with this new level of complexity by answering all the questions, regardless of the question, with the same answer. That's her solution to this security annoyance.

If it sucks to use it, it will not be used. I guaran-damn-tee it.

[monster]

And there are many who just haven't a clue. My MIL has starting using internet banking. It's scary. She wouldn't recognize a phishing email if it stank like a kipper. She would trust anyone who offered to help her. We're sending her to internet security bootcamp when she comes over in a few weeks. it's going to be like teaching the children about stranger danger. I sent my dad some sensitive information by email (coded and split into two), he reassured me that he had got the information and "destroyed the emails"

12% is a pretty small figure when you think about it. It's like when mass production cars became available and people learned to drive from the manual.

[lumberjim]

what's her email addy again? i seem to have misplaced it