How often do you shop on the internet? I do most of my shopping online, through my laptop or iPhone, even simple things like ordering a take away – because it’s faster and easier than a phone call and I can pay by card.
Internet shopping has become a banal, run-of-the-mill activity; most of us don’t think twice about entering our card numbers and handing over our identity.
A recent investigation here at UKFast has revealed that we should really be more savvy about our card security. The study shows that many businesses are unwittingly leaving databases of their customers’ credit card information in files that can be found through a simple Google search – no complicated hacker skills, just a simple Google search.
One of the numerous sites that the team came across flaunts 1,800 valid card numbers that had been processed by an American online takeaway. Expiry dates, csc codes and information so specific to the card holder that the distance from their address to the takeaway was listed. All left searchable, with the takeaway completely unaware that they are compromising data security.
Basically businesses that leave personal data such as credit card information on live web servers unencrypted, even if the website does not directly link to it, leave it openly, and easily, searchable.
At UKFast we deal with businesses’ online security on a daily basis but it is shocking to see how lax the personal security of individuals can be.
Many of us, me included, don’t place much importance in the link between the information we put onto Facebook, Twitter, LinkedIn etc and its value to those pesky cybercriminals.
On my Facebook profile there are family links, my university network and thousands of photographs of myself (some admittedly rather embarrassing). On my Twitter I count down to my holiday and public conversations with my friends could track most of my day to day movements. I even ‘check in’ or geotag myself when I’m somewhere exciting.
This hands the cunning cybercriminal a written report of my activities so the black-and-white striped swag-bag yielder barely needs to make an effort to find out the answers to my security questions and clues to my passwords – first primary school is on Facebook, along with my mum’s name, my pets’ names and my boyfriend’s details too.
Fraudsters can find my address by looking at my geotagged tweets or check-ins on Facebook. And thanks to my twitpic of the view from my balcony in Spain they know I’m not home and my worldly-belongings are waiting at home, ripe for the picking.
Security starts at home. Talking to our security guys it seems that the golden rule for socialising on the web is not to share anything that you wouldn’t want your whole street to know.
And before anyone tries it, my Facebook is on lockdown, there are no more geotags on my tweets or pictures and I have changed all of my passwords too!
What about you? Do you know how much information fraudsters can easily find about you?