
Friday 18 September 2009

A Common Sense Approach to cashless transfers?

While the convenience of online banking has only touched me in the last few months, I have, for many years, turned to the Internet for shopping. However, I have always been very cautious about using my bank card, not just for online shopping but anywhere cashless transfers take place: hotels, bars.

However, is there a common sense approach to the problem? I don't have the answer, so you decide. Below I will present to you a simple solution to help you combat fraudulent misuse of your cashless credentials (I hope).

What I have used for the past 2 years is a Quidity card, which is also known as a pre-paid credit card. There are lots of different pre-paid cards available now, but I will be covering the QUIDITY card and my new addition, my PAYPAL VISA card.


As you can see, the Quidity card bears all the hallmarks of a normal bank/debit/credit card. The Maestro logo verifies the card can be used for cashless transfers wherever the Maestro symbol is present, including online!! You can even withdraw money from a cash machine with it. So what's the big deal, what's its unique selling point, I hear you ask? How does it help you shop safely?

OK, here's how it works. You simply top up the card at your local post office or wherever you see the PayPoint sign.


Click here to find your closest paypoint retailer




So, for example, you see a beautiful pair of shoes for the weekend night out, and despite all the anti-fraud measures in place, you decide against using your bank details online. The shoes cost £45. Simply load £50 (to cover transaction fees) onto the card. All the fees and transactions will be explained in detail later.

Now go online and make your purchase. If for any number of reasons your transaction is intercepted by a fraudster, you will have already spent the money on the card, rendering the card useless to anyone even if they have intercepted your data.

Thursday 17 September 2009

The Banks Use Card-Readers Too

OK, so the last posts touched on the following subjects:
  • Creating a secure password you can remember
  • The possibility of fraudsters intercepting mail from the bank
  • Changing your PIN regularly
  • Additional browser tools for those that use eBay and/or PayPal
  • Signing up to Verified by Visa
  • Signing up to Mastercard Secure Code
This post is solely about card readers and a list of banks that use them. The card readers issued free by the banks are a clever addition to the tools used to fight fraud. Once you have set up digital banking, you can then use your card reader along with your bank card to authorise direct debits and standing orders, amongst other things, online. In fact this is a brilliant piece of kit. I have to ask why people are not forced to use such a device before they can buy something online. Hmmmmmmm.

Due to increasingly sophisticated trojan software and malware in the wild, the banks have had to up their game in the fight against fraud, and they have with the card reader.

RBS




This is the card reader issued by RBS. The item is free of charge and free to use and requires no connection to a computer. To receive and use one of these you must sign up to RBS digital banking.

Common questions about this can be found here.




Nationwide card reader

This gem from Nationwide stops the fraudsters in their tracks so long as you have a FlexAccount VISA debit card. For every transaction made online you will need to verify the purchase with your card and card reader. Use this with Verified by Visa and you have exceptional fraud-prevention measures in place.
Register for Nationwide Internet banking here.
Information about the card reader is here.





NatWest card reader


If you don't have a debit card, NatWest will send you an internet banking card for use only with the card reader.
Debit card holders can use their debit card.

Information about the NatWest card reader can be found here.










I strongly recommend that all those who use online banking order one of these from their respective bank.

Now I know this sounds patronising, but some people will care to use such a thing once it's too late. Fair enough, your loss not mine.

This method is still not foolproof, as most people will not carry such a device around with them, restricting use to the home instead; still, it should be safer at home.

Online Shopping Card Not Present Fraud

A massive loophole in the online shopping area is Card Not Present fraud, which renders chip and PIN useless. Card not present is probably more of a threat today than card skimming. Consider this: to order something online with your bank/credit card you don't need your PIN, so a complete layer of account protection is removed. This is very bad indeed and means fraudsters only need the info on your card that can be seen with the naked eye. If two fraudsters were strategically placed they could snap high quality images of your card as you took it out; they would then follow you, assuming the last place you stop is your home address, and will attempt to misuse your credentials.

This is only effective in online shopping, as when buying in a shop you need to present your card.

To replace this loss of account protection the big boys are stepping up.
If your card bears the VISA symbol


You can use the Verified by VISA service, which is free of charge to use and also protects retailers against misuse.
Sign up to Verified by VISA here





Alternatively, if your bank card bears the Mastercard logo.

You can sign up to the Mastercard Secure Code scheme, which adds an additional layer of security to your online purchases. Sign up here.



Once again, the integrity of the systems used by Mastercard Secure Code and Verified by VISA relies on your antivirus software being up to date. So you can see it's not totally safe.

Pin Numbers

Okay, ATM/cash machine fraud is a huge thing right now and almost everybody seems to know someone it has happened to.
The fraudsters use skimming devices which fit on the cash machine to steal your PIN. Watch this video from the BBC show The Real Hustle for an example of how it works.



See how easy it can be. All banks (HSBC, Halifax, NatWest etc.) have information on their websites explaining how to safeguard your PIN when using it at a machine. One thing I would strongly suggest that they don't is regularly changing your PIN, like every time you use it. I know it's not practical, but hey, I won't be losing face. If you struggle to remember your PIN, an easy example would be the date 15/09/2009: if you use your card today, why not change your PIN to 1509? Hey, it might sound daft, but it's better than those that store it in their mobile phone, or those that write it down, or worse, use their year of birth.

It's easy to use the social networking sites to social engineer someone's PIN. An example being you could set up a quiz, for instance on Facebook, telling people you could guess the number they're thinking of........................(maybe if people nag I will post the rest of this)

Strong password Weak security

You could use my password story telling method to make an easy to remember 128 digit password, although most online servers, including banks, will only allow up to 32 digits in a password. You could make the strongest ever password known to man; however, if your firewall/anti-virus is not up to date, chances are you will have some form of malicious software on your machine.

The reason for this is that when you buy your over-expensive laptop from PC World or Dixons or Microdirect, it normally comes bundled with a 60 day trial of either Norton or McAfee. Both are excellent but expensive.

The best solution is Comodo, which incorporates anti-virus and personal firewall. It is also free for life. Those of you reading this blog who know me personally will know I fully support Comodo.
Download Comodo here


I also recommend using Malwarebytes Anti-Malware alongside Comodo.



If you use eBay I recommend using the Firefox edition, which you can download here and which ensures you are signing into a genuine eBay site.

Internet Explorer users can use a tool here. The Internet Explorer tool uses an account guard manager which warns you if you are about to enter your eBay or PayPal password on another website.


Another thing I will mention here: if you must sell your old laptop or PC, then it's essential you do not include your old hard drive, as there is software easily available on the internet to recover information/data which you thought had been deleted.


Online Banking Is It Flawed?

The banks in the UK are doing a tremendous amount to prevent online banking fraud; however, I believe the initial process to be flawed. When you receive your initial digital banking letter in the post (delivered insecurely, of course), don't be surprised to see if your customer number is:
  • your bank account number 11111111
  • your card number 1111 1111 1111 1111
  • or one bank I know likes to use your DOB followed by your branch dial code, 010119800171, which is 01/01/1980 and the bank area dial code for London, 0171
Organized criminal elements working within, or with minions working in, the postal system know this, and some are on the lookout for mail that has a certain return address, as they know that it's for banking. Oh dear. Then a few days later your so-called tamper-proof PIN comes in the post. Firstly, your initial letter from the bank contains no reference to your PIN being sent in a tamper-proof way. Secondly, the vast majority of people who have never used digital banking or never lost their PIN will never have even seen tamper-proof paper.

Once again the fraudsters know this and are not deterred; they will simply open the letter and send you the PIN and make it appear to be from your bank.

How many of you check to make sure the letter from the bank really is from the bank?

Some people just simply underestimate the lengths people will go to, to defraud you.

Personally, the bank should make you go into your branch and set up your digital banking that way, don't you agree!

REMEMBER TO REPORT ANY SUSPICIOUS ACTIVITY ON YOUR ACCOUNT IMMEDIATELY

Password story telling

Okay, the first post was way too long so I will keep the rest short and simple. As mentioned in the previous post, the password JS2004vert21chips is not that strong a password as it contains words in the dictionary (French & English). So here is how I'd make a proper password using a short story.

I wake up every day at 7am to go to work. After having a shower I have breakfast: 2toast, 1apple and a cup of tea. Now it's 7.45am, and my mrs now kisses me and says "goodbye". I start the car and set off for my £300 a week job 6miles away. I finish every day at 5pm.

Did you see the potential for a very secure password using our daily activities? Here's the password I got. This only works if you do have a daily schedule you always keep to, like going to work.

7AM == time I get up
2t == 1st thing I eat
1a == 2nd thing I eat
XXX == kisses from the mrs
"" == from wife saying goodbye
£ == another symbol
6 == distance to work
5PM == time I finish work

Our secure password now uses lower case, upper case, numbers and symbols.

7AM2t1aXXX""£65PM
check strength here


Hopefully you can adapt this to fit around your own daily activities. This works best if it's the same thing every day.

As this password evolves from a story about waking and going to work, it would be an ideal password to use at work.

(If the IT guy at your work had any real use he would force you to change your password once a month at the very least and not let you use the last 5 previous passwords)

OK, these first 2 posts just about cover passwords for now. Remember this is just a small guide on passwords and doesn't cover PINs or ATM skimming.

Remember this blog is intended as a guide only. Its purpose is to encourage you to use secure methods when using internet banking/online shopping, just so you feel a little bit safer when shopping on eBay, Amazon or using PayPal.

A secure password is just one of the steps needed in the fight against fraud.

Banking/Online fraud--Passwords

OK, this post is all about passwords. The truth is most people hate passwords and choose something that's easy to remember, with a few numbers, usually birthdates, added on to the end.
That's just rich pickings and easily guessed by most people, and with the vast amount of private information posted on social network sites (pet names, favourite books, colours etc.), you name it they know it, particularly your password reset question. Once again, I understand the desire and temptation to use "easy to remember" words. Below I will demonstrate how to select a strong password using your potentially easy to find info.

AN EXAMPLE OF HOW TO CHOOSE A STRONG PASSWORD THAT'S EASY TO REMEMBER BUT HARD TO GUESS (TO A HUMAN)

Name: John Smith
DOB: December 12 1980
Address: 123 Test Lane, Hopetown, UK
Postcode: HT99 9XX
Favourite colour: Green / VERT
Favourite food: Chips
Fave sports team: Manchester United (COULD BE FAVOURITE ANYTHING!!!!!!!!)
Pet name: Jack

OK if you replace the above example with your info you should understand this a lot easier.

Most passwords nowadays require you to use at least one number in your password, and most people do this and actually use the number 1, or for most they use their door number, or ultimately they use their year of birth.


From the example above we will use information from a few lines to create a secure password that uses only letters and numbers.

OK folks, from the first line (John Smith), where of course your name will be, choose something that's easy to remember. Don't add any numbers to it yet. Done it yet??
Good. I was thinking (J) and (S), as they're both in capitals and you should never forget your name. So we now have the first 2 letters of our password

JS

Alternatively you can use (n) and (h), which are the last two letters in both names.

OK, the next line, DOB. If I asked you to use the DOB (December 12 1980) to come up with something for your password, who knows what you'd try. Fact is, you wouldn't add your birthday to get a total number, would you!
e.g.
December = 12th month
date = 12th day
year = 1980

so 12+12+1980 = 2004

so we now have 6 digits for our password

JS2004

So skip the next 2 lines and go to colour. As you can see, John Smith's favourite colour is green and will never, never change, but instead of just adding plain old green to my password I will type the colour green in French (to find this out simply type "green in French" in Google, or whatever your favourite colour is; you don't need to go learning French or anything, and if you forget how it's spelt just use Google). So did you just find out your favourite colour in French? Well, John Smith's is vert; green in French is vert. The reason for this is that most people will only write their passwords in their chosen language; fraudsters know this, and it makes things like password guessing and secret answer reset easy.

REMEMBER THIS IS JUST AN EXAMPLE, YOU CAN USE ANY LANGUAGE

Now we have an additional 4 letters for our password, so our password looks like this now

JS2004vert


Now back to the address line. Can you see the secret (not really secret, but bet you can't guess) number in John Smith's address? And it ain't 123, lol.
Got it yet?
Thought not.
Simple:

123 =3
Test =4
lane =4
hopetown = 8
uk =2
3+4+4+8+2= 21

Again, your address doesn't change that often, so you should do this once and remember the number easily. Remember you don't have to use your home address to do this; you could use your work address or favourite football ground address. I only do this to give us a number for our password. We now have 2 additional numbers, so we have 8 digits altogether now

JS2004vert21


Lastly, return to your fave food, which in John Smith's case is chips. Add this to our 8 digit code, so we end up with
JS2004vert21chips
click here to check password strength

Now John Smith has a good strong password using info about himself that should never change. Once you repeat this over and over in your head it will be as easy to remember as your name. Now John Smith can join RBS digital banking using a password of
rbsJS2004vert21chips
A PayPal password

paypalJS2004vert21chips

Obviously the above is a guide only, but it will give you a password that's easy to remember but very difficult to guess (to a human). The fact is there is password cracking software that can use dictionaries from every language conceivable, and with today's top-end computers capable of running quad-core processors and up to 8GB of RAM, a brute force password attack on a password like that wouldn't take long at all.




There is also a clever piece of software called WYD, which is an open-source password profiling tool. You simply input personal information into it, such as John Smith's information above, and a list of possible passwords pops up. OOPS, so our strong password is not really that strong after all, is it!! To eradicate this I use something I call password story telling, which I will explain in another post as this post is already too long.
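The weakness described above can be checked from the defender's side before a password is ever used. The Python sketch below is an added example, not part of the original post and not WYD's code: it takes the John Smith sample data from this page, derives the same kinds of tokens the walkthrough uses, and reports whether a given password is built entirely from them. The function names, the site list and the token rules are assumptions chosen for illustration.

```python
import re

# Constructed profile: the John Smith sample data from this post.
PROFILE = {
    "name": "John Smith",
    "dob": (12, 12, 1980),  # day, month, year
    "address": "123 Test Lane, Hopetown, UK",
    "words": ["green", "vert", "chips", "jack", "manchester", "united"],
}
SITES = ["rbs", "paypal", "facebook", "hotmail", "gmail"]  # assumed site labels


def profile_tokens(profile, sites=SITES):
    """Lower-cased strings that follow directly from the profile."""
    tokens = {w.lower() for w in profile["words"]} | set(sites)
    parts = profile["name"].split()
    tokens.update(p.lower() for p in parts)
    tokens.add("".join(p[0] for p in parts).lower())   # initials: js
    tokens.add("".join(p[-1] for p in parts).lower())  # last letters: nh
    day, month, year = profile["dob"]
    # Raw date parts plus the "add them up" trick: 12+12+1980 = 2004
    tokens.update(str(n) for n in (day, month, year, year % 100,
                                   day + month + year))
    addr = re.findall(r"[A-Za-z0-9]+", profile["address"])
    tokens.update(w.lower() for w in addr)
    tokens.add(str(sum(len(w) for w in addr)))         # 3+4+4+8+2 = 21
    return tokens


def decompose(password, tokens):
    """Return the profile tokens that spell the password exactly, else None."""
    pw = password.lower()
    best = [None] * (len(pw) + 1)  # best[i] = tokens covering pw[:i]
    best[0] = []
    for i in range(len(pw)):
        if best[i] is None:
            continue
        for tok in sorted(tokens):  # sorted for a repeatable result
            if pw.startswith(tok, i) and best[i + len(tok)] is None:
                best[i + len(tok)] = best[i] + [tok]
    return best[len(pw)]


if __name__ == "__main__":
    toks = profile_tokens(PROFILE)
    for candidate in ("JS2004vert21chips", "paypalJS2004vert21chips",
                      '7AM2t1aXXX""£65PM'):
        parts = decompose(candidate, toks)
        print(candidate, "->", parts if parts else "not built from profile")
```

A password that comes back as a full list of tokens contains nothing beyond the profile itself, which is why a profiling tool fed the same details can reach it.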


I hope this has helped some of you, but doubt it has helped all of you. Some of you might still prefer to use your simple passwords like
qwerty letmein vodkarocks carrick1
weed187 pear
The best you could do is add the site name before/after your password like

facebookqwerty
hotmailqwerty
qwertygmail
etc. etc. This significantly reduces the ability for someone to guess 1 or all of your passwords (remember you most likely use the SAME PASSWORD on the Internet for everything you do).

Now, armed with the above information, you can easily find strong passwords you're comfortable with. Hopefully you will change your password at least once a month (I know it's hard for you, but it is your identity, and the whole drama of having your online bank account compromised can be a very daunting experience).

Hope you join me in the second post password story telling.

REMEMBER THIS POST IS JUST REFERRING TO PASSWORDS AND NOT PIN NUMBERS