Issue link:

Contents of this Issue


Page 2 of 3

SUMMER 2020 SECURITY SMART 3 For more information on staying safe online here at BSU or at home, contact 4 Tips for Safer Credit Card Use SOME OF THE LARGEST credit card data thefts in history, including the 2013 and 2014 breaches at Target and Home Depot that resulted in tens of millions of cards being compromised, were perpetrated by hackers using software-based skimmers. These skimmers target the software component of payment systems and platforms, whether that's the operating system of point-of-sale terminals or the checkout page of an e-commerce website. Any software that handles unencrypted payment card details can be targeted by data-skimming malware. Hackers gain access to these systems through stolen credentials or by exploiting vulnerabilities, and they install malicious programs that scan their memory for patterns matching payment card information. Card data, except for the PIN, is generally not encrypted when passed from the card reader to the application running locally, so it can be easily copied once identified in memory. Consumers can't do much to directly prevent such compromises because they don't control the affected software—it's the responsibility of the merchants and their technology vendors to provide a safe shopping experience. But you can take the following actions to reduce the risk that your own card will be exposed and to limit the impact if a compromise does happen: 1. Monitor your account statements carefully and often, and keep an eye out for transactions you don't recognize. Call your financial institution immediately if you see evidence of unauthorized activity. 2. Turn on transaction notifications, if your bank offers that service. The sooner you discover fraudulent transactions and can replace your card, the better. 3. Use virtual card numbers for online shopping if your bank offers them, or pay with your mobile phone. Services like Google Pay and Apple Pay use tokenization, a mechanism that replaces the real card number with a temporary number that is transmitted to the merchant. This means your real card number is never exposed. 4. Pay with an online wallet service, such as PayPal, that doesn't require you to input your payment card details directly into the checkout page of the site you're shopping on. You can also choose to shop only on websites that redirect you to a third-party payment processor to input your card details instead of handling the data collection themselves. H OW DILIGENT ARE YOU when it comes to mobile device security? If you recognize yourself among the four types described below, it's time to re-evaluate your approach. A. THE UNSUSPECTING You're not really aware of the dangers lurking online, so you aren't concerned about protecting your smartphone or tablet. That makes you an easy target. Unsuspecting types fall for basic scams, willingly clicking on links in unsolicited emails and entering their IDs and passwords on unfamiliar websites when asked. But messages opened on mobile devices can infect laptops and company systems. Remember: Think before you click. B. THE DELAYED REACTOR When you misplace your tablet or smartphone, you hesitate to tell the IT department. After all, it'll turn up sooner or later, won't it? Maybe not. Next time you lose track of your device (if there is a next time), call your employer's IT department immediately. Any lag time can put devices and sensitive personal and company information at risk. C. THE OVERSHARER You like to use your device to post personal and work-related information freely on various social media sites. Beware: You're giving scammers a leg up when they try to infiltrate your company's systems or steal your identity. They'll use those details to help them pretend to be a co-worker or acquaintance, and they'll try to persuade you to share credentials, passwords or other company data. D. THE TECH GENIUS You're proud to be tech-savvy, and you should be! But if you're not careful, you might turn into a security nightmare— especially if you know how to reconfigure your smartphone to give yourself administrator-level privileges. Doing that can turn a user into an administrator who can then access certain device resources that are normally inaccessible, and endanger data by removing important protections. They can also allow malware to be downloaded to the device and open it up to all sorts of malicious actions. The lesson here? Just because you can, doesn't mean you should. If you try to bypass your company's mobile device management tools, you may violate company policy as well as make your employer's network vulnerable. What Type of Mobile User Are You? Kali9 / Getty Images

Articles in this issue

Links on this page

Archives of this issue

view archives of BSU - Security_Smart_Summer2020_Bridgewater