What would 2015 be without a little dash of data stealing?
Just in time for post-Christmas shopping woes, hackers claimed they leaked credit card info from 13,000 dating site users and Walmart/Amazon shoppers on December 28. A few days later it was American fast food chain Chick-Fil-A admitting thousands of customers may have had their credit card info stolen. And let’s not forget last year’s massive Home Depot and Target data breaches.
You wouldn’t be remiss to think that data leaks are becoming more common. Luckily, Seth Hardy, a Toronto-based cyber security researcher/analyst, doesn’t think that’s the case.
“It’s more likely that people are just hearing about it more – due to paying more attention to the subject – or that legal reporting requirements of companies have increased due to high profile compromises and leaks,” he says.
Do Businesses Have Your Back?
Mostly, hackers are up to the same ol’ techniques, targeting companies that are sluggish when it comes to upgrading their IT safeguards. The disadvantage is a lack of security can put your personal and financial info at risk.
It’s a growing reality businesses need to deal with, says Hardy.
“Large corporations are often targeted because their systems are large and complex and often poorly secured at some point or another in their network,” he says. “Security is response-driven because the reward for money spent isn’t apparent, and this means there will be more breaches. Breaches can also be considered acceptable if the cost of recovering multiplied by the probability of it happening is lower than the cost of securing a system – especially so if the laws covering reporting and notification requirements are lax.”
Canada instated a Digital Privacy Act last April offering steep fines for businesses that don’t advise customers about data leaks. The U.S. may see some changes in this category soon as well. This week, President Obama announced he would push Congress to pass a law requiring companies that are victims of data breaches to notify affected consumers within 30 days.
Canadian Banks Remain Secure
But Kate Payne, media relations specialist for the Canadian Bankers Association, says the financial institutions have your back.
“Fraud of any kind is always a concern for banks and they do everything they can to help protect customers from fraud,” she says adding that less than one per cent of debit and credit card transactions are impacted by fraud. “Customers are (also) not liable for any fraudulent transactions in their accounts.”
Even still, stats collected by the CBA showed that between 2012 and 2013 fraudulent e-commerce, phone and mail purchases rose by over 11 per cent.
“This is to be expected as we complete the conversion to chip and PIN on credit cards and what has been witnessed in other countries that have made the conversion,” she says. “Banks and credit card companies have highly sophisticated security systems and teams of fraud experts in place to monitor transactions, protect customers and prevent and detect credit card fraud.”
How Chips and CVC Codes Work
The CVC code – those three numbers on the back of the credit card – are also a barricade for would-be fraudsters stealing data by skimming and scanning credit cards.
“This code on the back of your card is not included on the magnetic stripe on your card so if your card has been skimmed,” says Payne. “Many retailers ask for this code for online and telephone transactions and the criminals would not have that.”
Most e-commerce sites also employ some sort of SSL (Secure Socket Layers) protocol that encrypts your data and helps keep it out of the hands of hackers.
“These days finding a site that handles sales that does not use TLS/SSL is very rare,” says Hardy. “Beyond that, with smaller online stores, looking for known brands handling the payment processing – like switching to Paypal or Stripe’s website for payment processing – is a good sign.”
But keeping your credit card info and data from fraudsters and hackers is also your responsibility. The CBA recommends only dealing with reputable retailers when shopping online and when exchanging any credit card info, ensure the transaction is secure. You should also avoid doing banking while on free Wi-Fi.
“Look for the closed-lock or unbroken-key icons on your browser when entering credit card or other sensitive data,” says Payne. “Web addresses that start with HTTPS rather than HTTP also mean that the browser you are currently using is secure. If you don’t see these icons, or if you see the broken key or the open padlock, your transaction is not being securely transmitted across the Internet and the website may be a fraudulent one.”