Rhodri Marsden: How can we stop these criminals in cyberspace?

It's disconcertingly easy for someone to pretend to be you and use your money

I've had many pieces of well-meaning advice given to me by my father over the years – most of them ways to avoid repeating my embarrassing DIY errors – but one memorable maxim of his was "never let your credit card out of your sight".

Before the advent of PIN terminals, following this rule would require him to pursue slightly perturbed waiters around restaurants until they gave him a slip of paper to sign; I don't think he knew exactly what underhand deeds he was looking out for, but having never been defrauded while using the technique, he stuck doggedly to it. He never worried about what happened to the credit card information after the transaction – where his number might be stored and who might have access to it – figuring that that was all probably taken care of by companies employing sophisticated security measures. Most of the time, that's probably true. But not always.

On Monday, a 28-year-old Floridian by the name of Alberto Gonzalez, along with two unnamed Russian co-conspirators, was charged in the US with stealing some 130 million credit and debit card numbers by hacking into the databases of a number of American companies that process card transactions. Gonzalez, already in federal custody for his part in the previous record-breaking theft of 40 million card numbers, is alleged to have used sophisticated software to infiltrate the systems and scoop out the data. If found guilty, all three face 35 years in prison.

Those unfortunate enough to own one of the 130 million compromised cards will probably be spluttering in indignation as to why these companies hang on to such details anyway. The answer is that they're legally obliged to, for a length of time, in case of queried transactions. But why aren't they forced to do it in a way that doesn't put our own security at risk?

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else. We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kinds of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

r.marsden@independent.co.uk
