Rhodri Marsden: How can we stop these criminals in cyberspace?

It's disconcertingly easy for someone to pretend to be you and use your money


I've had many pieces of well-meaning advice given to me by my father over the years – most of them ways to avoid repeating my embarrassing DIY errors – but one memorable maxim of his was "never let your credit card out of your sight".

Before the advent of PIN terminals, following this rule would require him to pursue slightly perturbed waiters around restaurants until they gave him a slip of paper to sign; I don't think he knew exactly what underhand deeds he was looking out for, but having never been defrauded while using the technique, he stuck doggedly to it. He never worried about what happened to the credit card information after the transaction – where his number might be stored and who might have access to it – figuring that that was all probably taken care of by companies employing sophisticated security measures. Most of the time, that's probably true. But not always.

On Monday, a 28-year-old Floridian by the name of Alberto Gonzalez, along with two unnamed Russian co-conspirators, was charged in the US with stealing some 130 million credit and debit card numbers by hacking into the databases of a number of American companies that process card transactions. Gonzalez, already in federal custody for his part in the previous record-breaking theft of 40 million card numbers, is alleged to have used sophisticated software to infiltrate the systems and scoop out the data. If found guilty, all three face 35 years in prison.

Those unfortunate enough to own one of the 130 million compromised cards will probably be spluttering in indignation as to why these companies hang on to such details anyway. The answer is that they're legally obliged to, for a length of time, in case of queried transactions. But why aren't they forced to do it in a way that doesn't put our own security at risk?

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else. We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kinds of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

r.marsden@independent.co.uk
