Rhodri Marsden: How can we stop these criminals in cyberspace?

It's disconcertingly easy for someone to pretend to be you and use your money

I've had many pieces of well-meaning advice given to me by my father over the years – most of them ways to avoid repeating my embarrassing DIY errors – but one memorable maxim of his was "never let your credit card out of your sight".

Before the advent of PIN terminals, following this rule would require him to pursue slightly perturbed waiters around restaurants until they gave him a slip of paper to sign; I don't think he knew exactly what underhand deeds he was looking out for, but having never been defrauded while using the technique, he stuck doggedly to it. He never worried about what happened to the credit card information after the transaction – where his number might be stored and who might have access to it – figuring that that was all probably taken care of by companies employing sophisticated security measures. Most of the time, that's probably true. But not always.

On Monday, a 28-year-old Floridian by the name of Alberto Gonzalez, along with two unnamed Russian co-conspirators, was charged in the US for stealing some 130 million credit and debit card numbers by hacking into the databases of a number of American companies that process card transactions. Gonzalez, already in federal custody for his part in the previous record-breaking theft of 40 million card numbers, is alleged to have used sophisticated software to infiltrate the systems and scoop out the data. If found guilty, all three face 35 years in prison.

Those unfortunate enough to own one of the 130 million compromised cards will probably be spluttering in indignation as to why these companies hang on to such details anyway. The answer is that they're legally obliged to, for a length of time, in case of queried transactions. But why aren't they forced to do it in a way that doesn't put our own security at risk?

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else. We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kinds of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

r.marsden@independent.co.uk
