Rhodri Marsden: How can we stop these criminals in cyberspace?

It's disconcertingly easy for someone to pretend to be you and use your money

I've had many pieces of well-meaning advice given to me by my father over the years – most of them ways to avoid repeating my embarrassing DIY errors – but one memorable maxim of his was "never let your credit card out of your sight".

Before the advent of PIN terminals, following this rule would require him to pursue slightly perturbed waiters around restaurants until they gave him a slip of paper to sign; I don't think he knew exactly what underhand deeds he was looking out for, but having never been defrauded while using the technique, he stuck doggedly to it. He never worried about what happened to the credit card information after the transaction – where his number might be stored and who might have access to it – figuring that that was all probably taken care of by companies employing sophisticated security measures. Most of the time, that's probably true. But not always.

On Monday, a 28-year-old Floridian by the name of Alberto Gonzalez, along with two unnamed Russian co-conspirators, was charged in the US with stealing some 130 million credit and debit card numbers by hacking into the databases of a number of American companies that process card transactions. Gonzalez, already in federal custody for his part in the previous record-breaking theft of 40 million card numbers, is alleged to have used sophisticated software to infiltrate the systems and scoop out the data. If found guilty, all three face 35 years in prison.

Those unfortunate enough to own one of the 130 million compromised cards will probably be spluttering in indignation as to why these companies hang on to such details anyway. The answer is that they're legally obliged to, for a length of time, in case of queried transactions. But why aren't they forced to do it in a way that doesn't put our own security at risk?

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else. We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kinds of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

r.marsden@independent.co.uk
