Rhodri Marsden: How can we stop these criminals in cyberspace?

It's disconcertingly easy for someone to pretend to be you and use your money

Share
Related Topics

I've had many pieces of well-meaning advice given to me by my father over the years – most of them ways to avoid repeating my embarrassing DIY errors – but one memorable maxim of his was "never let your credit card out of your sight".

Before the advent of PIN terminals, following this rule would require him to pursue slightly perturbed waiters around restaurants until they gave him a slip of paper to sign; I don't think he knew exactly what underhand deeds he was looking out for, but having never been defrauded while using the technique, he stuck doggedly to it. He never worried about what happened to the credit card information after the transaction – where his number might be stored and who might have access to it – figuring that that was all probably taken care of by companies employing sophisticated security measures. Most of the time, that's probably true. But not always.

On Monday, a 28-year-old Floridan by the name of Alberto Gonzalez, along with two unnamed Russian co-conspirators, were charged in the US for stealing some 130 million credit and debit card numbers by hacking into the databases of a number of American companies that process card transactions. Gonzalez, already in federal custody for his part in the previous record-breaking theft of 40 million card numbers, is alleged to have used sophisticated software to infiltrate the systems and scoop out the data. If found guilty, all three face 35 years in prison.

Those unfortunate enough to own one of the 130 million compromised cards will probably be spluttering in indignation as to why these companies hang on to such details anyway. The answer is that they're legally obliged to, for a length of time, in case of queried transactions. But why aren't they forced to do it in a way that doesn't put our own security at risk?

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else. We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kind of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

r.marsden@independent.co.uk

React Now

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
iJobs Job Widget
iJobs General

Cover Supervisor

£50 per day: Randstad Education Chelmsford: Randstad Education is looking to e...

Science Teacher

£100 - £120 per day: Randstad Education Chelmsford: Science Teacher - Maternit...

Systems and Network Administrator

Negotiable: Randstad Education Leicester: We are recruiting for a Systems and ...

English Teacher

£120 - £140 per day: Randstad Education Group: English as an Additional Langua...

Day In a Page

Read Next
Photo issued by Flinders University of an artist's impression of a Microbrachius dicki mating scene  

One look at us Scots is enough to show how it was our fishy ancestors who invented sex

Donald MacInnes
Oscar Pistorius is led out of court in Pretoria. Pistorius received a five-year prison sentence for culpable homicide by judge Thokozile Masipais for the killing of his girlfriend Reeva Steenkamp  

Oscar Pistorius sentence: Judge Masipa might have shown mercy, but she has delivered perfect justice

Chris Maume
Two super-sized ships have cruised into British waters, but how big can these behemoths get?

Super-sized ships: How big can they get?

Two of the largest vessels in the world cruised into UK waters last week
British doctors on brink of 'cure' for paralysis with spinal cord treatment

British doctors on brink of cure for paralysis

Sufferers can now be offered the possibility of cure thanks to a revolutionary implant of regenerative cells
Let's talk about loss

We need to talk about loss

Secrecy and silence surround stillbirth
Will there be an all-female mission to Mars?

Will there be an all-female mission to Mars?

Women may be better suited to space travel than men are
Oscar Pistorius sentencing: The athlete's wealth and notoriety have provoked a long overdue debate on South African prisons

'They poured water on, then electrified me...'

If Oscar Pistorius is sent to jail, his experience will not be that of other inmates
James Wharton: The former Guard now fighting discrimination against gay soldiers

The former Guard now fighting discrimination against gay soldiers

Life after the Army has brought new battles for the LGBT activist James Wharton
Ebola in the US: Panic over the virus threatens to infect President Obama's midterms

Panic over Ebola threatens to infect the midterms

Just one person has died, yet November's elections may be affected by what Republicans call 'Obama's Katrina', says Rupert Cornwell
Premier League coaches join the RSC to swap the tricks of their trades

Darling, you were fabulous! But offside...

Premier League coaches are joining the RSC to learn acting skills, and in turn they will teach its actors to play football. Nick Clark finds out why
How to dress with authority: Kirsty Wark and Camila Batmanghelidjh discuss the changing role of fashion in women's workwear

How to dress with authority

Kirsty Wark and Camila Batmanghelidjh discuss the changing role of fashion in women's workwear
New book on Joy Division's Ian Curtis sheds new light on the life of the late singer

New book on Ian Curtis sheds fresh light on the life of the late singer

'Joy Division were making art... Ian was for real' says author Jon Savage
Sean Harris: A rare interview with British acting's secret weapon

Sean Harris: A rare interview with British acting's secret weapon

The Bafta-winner talks Hollywood, being branded a psycho, and how Barbra Streisand is his true inspiration
Tim Minchin, interview: The musician, comedian and world's favourite ginger is on scorching form

Tim Minchin interview

For a no-holds-barred comedian who is scathing about woolly thinking and oppressive religiosity, he is surprisingly gentle in person
Boris Johnson's boozing won't win the puritan vote

Boris's boozing won't win the puritan vote

Many of us Brits still disapprove of conspicuous consumption – it's the way we were raised, says DJ Taylor
Ash frontman Tim Wheeler reveals how he came to terms with his father's dementia

Tim Wheeler: Alzheimer's, memories and my dad

Wheeler's dad suffered from Alzheimer's for three years. When he died, there was only one way the Ash frontman knew how to respond: with a heartfelt solo album