Last
week, I got a new debit card in the mail. Why? The
letter accompanying the card said the bank had reason to
believe the card had been compromised.
This
isn’t the first time I’ve received a notice like
this. I’m sure you’ve received them as well — from
banks, from retailers, from restaurants, all of which
have at some point been the victim of hackers.
Recently,
we heard about Athens, Ga.-based Zaxby’s alerting
diners that their debit and credit card information may
have been hacked, possibly allowing thieves access to
personal information. Zaxby’s joined Kroger, Best Buy,
Five Guys Burgers, DSW and a host of other organizations
with similar experiences.
Unfortunately,
says security expert Ariel Silverstone, being hacked is
increasingly part of the cost of doing business. Several
sources estimate that more than 90 percent of companies
have been hacked, the remainder, says Silverstone, just
don’t know. As an information technology security
professional for more than 24 years, Silverstone has
seen it all.
"One
hundred years or so ago, banks were where the money was,
so people were robbing banks. Today, it is so much
easier to perform hacks. It is less likely to be caught
and the rewards are incredible," Silverstone says.
Only
in the last 10 years has the average consumer become
aware of hacking, but it has been happening since the
mid-1970s, he says.
For
the most part, there are three types of hackers: people
who do it for fun or reputation, such as those who
hijacked Burger King’s Twitter account Monday, those
who do it for political reasons, and the most dangerous
— the ones who are part of criminal organizations.
An
attacker starts with surveillance of the target company,
then finds the location of the company’s Web services.
One strategy to launch an attack is to craft seemingly
legitimate email messages to senior level leaders. When
the hacker gets a reply, they have a back door into the
system via malware or other mechanisms, Silverstone
says.
For
companies, keeping up with security breaches and the
necessary patches to their systems can be challenging.
Once
hackers have found a way into the system, they have
access to information they can abuse. They may use it
the same day or sell it to criminal exchanges. The going
rate is currently 1,000 names and card numbers for $30,
Silverstone says.
"One
of the things that people need to understand when they
share any piece of information on the Internet … is
who is on the other side," says Silverstone. The
risk is smaller for major companies, he says, but you
should be careful which part of your information to
share.
Everyone
thinks of debit or credit cards, but there are also the
security questions that many sites use — some of which
are the same from one site to another such as your
mother’s maiden name. Once you’ve given that
information to one site and a hacker gets it, he or she
can use it on other sites to access your accounts.
So
what is a trusting consumer to do? Consider with whom
you share information. Just as you would think carefully
about sharing personal information with another person,
do the same with companies. "Don’t just give it
all away," says Silverstone.
Use
false information. Instead of your mother’s real
maiden name, for example, use a different word.
Silverstone uses Lastpass.com — a free tool that
generates random passwords and remembers them for every
site. "I have over 3,000 different passwords and I
don’t have to remember them … and I couldn’t
because they are random," he says.
Don’t
share too much on Facebook. "There are a lot of
professionals on the bad side that harvest Facebook for
information about you that you may not want
shared," Silverstone says.
Never
use a debit card. In the U.S., the law limits your
personal and financial liability if someone steals and
uses your credit card. That isn’t the case with debit
cards. If your bank offers one-time use credit cards,
those are even better, Silverstone says.
The
only other solution is to stop doing business on the
Internet altogether, and that, Silverstone says, would
be a devastating blow to the U.S. economy.
