Rhodri Marsden: How can we stop these criminals in cyberspace?

It's disconcertingly easy for someone to pretend to be you and use your money


I've had many pieces of well-meaning advice given to me by my father over the years – most of them ways to avoid repeating my embarrassing DIY errors – but one memorable maxim of his was "never let your credit card out of your sight".

Before the advent of PIN terminals, following this rule would require him to pursue slightly perturbed waiters around restaurants until they gave him a slip of paper to sign; I don't think he knew exactly what underhand deeds he was looking out for, but having never been defrauded while using the technique, he stuck doggedly to it. He never worried about what happened to the credit card information after the transaction – where his number might be stored and who might have access to it – figuring that that was all probably taken care of by companies employing sophisticated security measures. Most of the time, that's probably true. But not always.

On Monday, a 28-year-old Floridian by the name of Alberto Gonzalez, along with two unnamed Russian co-conspirators, was charged in the US with stealing some 130 million credit and debit card numbers by hacking into the databases of a number of American companies that process card transactions. Gonzalez, already in federal custody for his part in the previous record-breaking theft of 40 million card numbers, is alleged to have used sophisticated software to infiltrate the systems and scoop out the data. If found guilty, all three face 35 years in prison.

Those unfortunate enough to own one of the 130 million compromised cards will probably be spluttering in indignation as to why these companies hang on to such details anyway. The answer is that they're legally obliged to, for a length of time, in case of queried transactions. But why aren't they forced to do it in a way that doesn't put our own security at risk?

There is a worldwide standard (the PCI-DSS) that any companies dealing with cardholder information are obliged to sign up to, but many security experts have pointed out that it's possible to tick all the PCI's boxes and still be insecure. The offence allegedly committed by Gonzalez is as vivid an illustration of that as one can imagine.

For once, this lapse in online security has nothing to do with us, the general public. We're guilty of all manner of stupidity when it comes to our personal financial security – writing down PIN numbers on Post-it notes, using the word "password" as our password – but in this case there's nothing we could have done, save for withdrawing entirely from the 21st century and using cash instead.

So what should these companies be doing to protect us? Graham Cluley, from internet security firm Sophos, has expressed his disbelief that our card details aren't encrypted when they're stored, so that hackers just find random gobbledygook. "If they were properly encrypted," he says, "it would take until the sun burns out for anyone to decode it."

But it's not just the companies storing our details that need to shape up. The 130 million stolen credit card numbers would be of no use to anyone if they couldn't be used to buy stuff. Any masterminds wouldn't have been the ones picking a card number and using it to buy soft furnishings on eBay; they'd sell the numbers on to other criminals in blocks of a few thousand. But eventually, someone would pretend to be you and use your money, because it's still disconcertingly easy to do.

Online shopping is a click-happy cinch, but with that convenience comes risk; if you can tap out your 16-digit number, expiry date and a supposed "secret" three-digit number on the back of your card to book a flight to the South of France, so can anyone else. We may balk at the idea of carrying around an additional device (of the kind Barclays customers now have to use for online banking) to enter our PIN every time we make a credit card purchase online, but when these kinds of measures are inevitably introduced, we'll have to grin and bear it. It's for our own good, after all.

As for the likes of Alberto Gonzalez, they're talented individuals capable of writing sophisticated software that can detect weaknesses in even the strongest computer defences. Indeed, such characters frequently find themselves with job offers in the industry following their release from prison. But after a 35-year stretch, technology is likely to have marched on a bit too far for anyone to catch up. Marched on so far, one would hope, that our money would finally be safe from marauding cybercriminals. Fingers crossed.

r.marsden@independent.co.uk
