Tag Archive for: credit

‘Use separate credit card for online shopping, transactions’


Yeo Siang Tiong

KUCHING: Aside from having a security solution that can catch your accidental slips, it is also essential to revisit the card that you are using for online shopping as it will shape the possible losses a malicious link can inflict on your wallet, Kaspersky advises.

According to Kaspersky’s Southeast Asia general manager Yeo Siang Tiong, a credit card is not necessarily more secured than a debit card but disputes are easier to settle if a malicious transaction involves your credit card.

“Banks have insurance schemes and grace periods which allow you to alert them should you monitor a suspicious transaction, so be sure to keep an eye on your card’s balance and recent transactions list and to turn on transaction notifications,” Yeo said.

“With debit, the money loss will be pulled directly from your account. Meaning, it is your own money you are losing.

“And getting it back usually takes longer as compared with credit card – which you just don’t need to pay until the bank’s investigation is done.”

In addition, Yeo revealed that he is a believer of the additional security layer provided by a separate card which is meant only for spending online.

“In case of it being compromised, you can easily cut the card without affecting your main bank accounts.

“Just be sure that if you see anything suspicious, contact your bank immediately and try to cancel the transaction – the faster you do it, the better.”

He said that the same principle applies to having a dedicated e-mail for your online spending needs which severely limit the amount of spam messages you receive and significantly reduce the risk of opening potentially malicious e-mails disguised as sales promotions.

“It is also best to use a credit card with low limit, or you may also set the limit lower according to your spending pattern.

“This is to ensure that cybercriminals, in case they get their hands on it, can only use a limited amount, in turn not inflicting huge monetary impact on you.”

Yeo noted that though it will be easier if your card details are saved across all e-commerce platforms you’re using, data breaches should be enough to warn us about keeping our financial data more…

Source…

Missouri offers credit monitoring to teachers affected by DESE data vulnerability 


  

Missouri is offering 12 months of free credit and identity theft monitoring to educators whose personal information could be at risk due to a vulnerability in a state website discovered last month

At least three teachers’ Social Security numbers became vulnerable last month after data was accessed on the Department of Elementary and Secondary Education (DESE)’s website — which compiles teacher information that can be accessed by local school districts when verifying an educator’s certification. The last four digits of a person’s Social Security number can be used to identify an educator. 

No misuse of information nor access to information outside of last month’s incident has been reported, according to DESE, but the option will be extended to approximately 620,000 current and former teachers whose data was included on the department’s website. 

The services are expected to cost the state $800,000.  

DESE and the Office of Administration Technology Services Division (OA-ITSD) will notify teachers whose information may have been at risk in the coming days.

“Educators have enough on their plates right now, and I want to apologize to them for this incident and the additional inconvenience it may cause them,” DESE Commissioner Margie Vandeven said. “It is unacceptable. The security of the data we collect is of the utmost importance to our agency. Rest assured that we are working closely with OA-ITSD to resolve this situation.”

Gov. Mike Parson said the information was accessed through a “multistep process” that decoded and converted the data. The Cole County prosecutor was notified, and the Missouri State Highway Patrol’s Digital Forensic Unit will conduct an investigation “of all of those involved.” 

In a story, the St. Louis Post-Dispatch said one of its employees had “discovered the vulnerability in a web application” and notified DESE. 

“The reporter did the responsible thing by reporting his findings to DESE so that the state could act to prevent disclosure and misuse. A hacker is someone who subverts computer security with malicious or criminal intent. Here, there was no breach of any firewall or security and certainly no…

Source…

Hacker takes credit for 54 million T-Mobile data breach, calls security ‘awful’


A hacker who claims to be behind last week’s T-Mobile data breach that compromised 54 million people’s personal data told The Wall Street Journal in a story published today (Aug. 26) that the company’s “security is awful.” 

John Binns, a 21-year-old American living in Turkey, his mother’s homeland, told the newspaper that he found an unprotected T-Mobile router online in July, then used that to pivot on Aug. 4 into more than 100 servers containing personal data of current and former customers at a T-Mobile data center in central Washington state.

Source…

How Credit Unions Can Stop Advanced Magecart Attacks. Period.


The ups and downs of the last year and a half have wreaked havoc on societal norms. It’s changed how we work out, socialize with our friends and family, celebrate life’s events, and conduct business. The tension between safety vs. normalcy is one we all navigate every day. 

As a result, people are conducting business over the internet using mobile apps and web browsers more frequently than before. Companies are embracing mobile and home access to traditional in person transactions such as banking and finance. These financial institutions are using security features like faceID, touchID, and multi-factor authentication (MFA) to make account logins more secure. They are also using software and technology to secure the data inside their systems on the back end.

But what  are companies doing to protect the information that passes between login and storage? Securely logging into my account and entering my personal information onto an online loan application, account creation, or investment form does not automatically mean the information is safe. Online skimming attacks, such as  Magecart, are a concern these financial institutions cannot ignore. An article by Stickley on Security summarizes how advanced attacks can infiltrate and hide in benign media objects like images or videos on a website.

In April of this year, the Credit Union National Association published an article from Cyber Defense Labs offering three steps to take to prepare for the next cyberattack. Let that sink in for a moment. There will be a “next” cyberattack. There are no ifs, ands, or buts about it.  

Security professionals cannot have an “if” mentality, they need a “when” mindset. The article asks of credit unions: 

“Is your team knowledgeable and informed about today’s threat environment, where vulnerabilities are being exploited across the financial services sector, and what to watch out for?”

When it comes to today’s threat environment, many security professionals forget that the same mobile app or web browser customers are using to login can be the target of advanced Magecart attacks. Most of the issue with preventing or even detecting these attacks comes from supply-chain…

Source…