Rhodri Marsden: How can we stop these criminals in cyberspace?

It's disconcertingly easy for someone to pretend to be you and use your money


I've had many pieces of well-meaning advice given to me by my father over the years – most of them ways to avoid repeating my embarrassing DIY errors – but one memorable maxim of his was "never let your credit card out of your sight".

Before the advent of PIN terminals, following this rule would require him to pursue slightly perturbed waiters around restaurants until they gave him a slip of paper to sign; I don't think he knew exactly what underhand deeds he was looking out for, but having never been defrauded while using the technique, he stuck doggedly to it. He never worried about what happened to the credit card information after the transaction – where his number might be stored and who might have access to it – figuring that that was all probably taken care of by companies employing sophisticated security measures. Most of the time, that's probably true. But not always.

On Monday, a 28-year-old Floridian by the name of Alberto Gonzalez, along with two unnamed Russian co-conspirators, was charged in the US with stealing some 130 million credit and debit card numbers by hacking into the databases of a number of American companies that process card transactions. Gonzalez, already in federal custody for his part in the previous record-breaking theft of 40 million card numbers, is alleged to have used sophisticated software to infiltrate the systems and scoop out the data. If found guilty, all three face 35 years in prison.

Those unfortunate enough to own one of the 130 million compromised cards will probably be spluttering in indignation as to why these companies hang on to such details anyway. The answer is that they're legally obliged to, for a length of time, in case of queried transactions. But why aren't they forced to do it in a way that doesn't put our own security at risk?

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else. We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kinds of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

r.marsden@independent.co.uk
