Tuesday, 23 February 2016

Fighting the War Against Nuisance Callers and Spammers

You and your family are just sitting down to a meal at the end of a long day when the telephone rings. You reluctantly pick it up only to be greeted by someone on the other end purporting to represent your local utility who, out of sheer generosity, wants to offer you a brand-new boiler. You are disgusted to have once again been disturbed in your own home during what should be precious family / personal time, by a nuisance caller who has no regard for the law.

These are the kinds of things the Information Commissioner's Office (ICO) deals with all the time on behalf of consumers. They look at all complaints that come into their office by way of their website, working diligently to find and punish violators. What they do does not necessarily constitute exciting data centre or cloud computing news, but we felt it necessary to highlight how the ICO is working to protect all of us and, more importantly, how all companies should conduct themselves when selling to consumers.

The ICO is working harder than ever to protect us.  They are teaming up with regulators and other government agencies in order to track down and hold violators responsible for constant harassment of consumers. For example, in 2015, they worked with Gateshead Trading Standards to go after E-Green Energy for those deceptive phone calls offering free boilers. The court eventually fined the company £8,000; three directors of the company each received fines of £6,000.

In another case that settled this past November (2015), the courts fined a company known as Direct Security Marketing Ltd nearly £1,200 for failing to register with the ICO as required by law. The ICO added £70,000 in fines for making automated 'robo calls'.

All Communications Protected

What the ICO wants consumers to know is that all communications between businesses and private consumers are protected. Consumers have the right not to be contacted by unsolicited marketers, whether this is by telephone or e-mail. Better yet, marketers cannot claim automation to get around the law. Regulations apply equally to communications made in person or using computer systems and software.

Depending on the success of the marketer, unsolicited cold calls can yield a success rate of between 5% and 10%. This means that for every 100 phone calls made, a good marketer should be able to secure between five and 10 paying customers. That is more than enough to pay for marketing services and still make a profit.

Cold callers and e-mail spammers tend to use sensationalism to get consumers to at least listen to what they have to say. Once the conversation begins, the marketer resorts to hard-sell tactics that a lot of people find difficult to resist.

The people making these calls cause upset, alarm and distress and, at worst, they prey on vulnerable people who may fall victim to a hard sell or scam that leaves them embarrassed and out of pocket.

What We Can Do To Help

Last year, 166,665 people were driven to complain to the ICO because they’d had enough of unsolicited cold calls.

The ICO is doing excellent work in trying to shut down nuisance callers and spammers. We can all do our bit by reporting every nuisance contact that we receive in our homes.

The first thing everyone should do is register their home telephone number with the Telephone Preference Service.

If you are still receiving unwelcome calls, emails or SMS messages in your home, you should report them to the ICO.

Friday, 19 February 2016

How to Protect Yourself Quickly & Inexpensively from POS Scamming

Are you aware that devices exist that are able to read your debit & credit cards, passport and even driver’s license, and then use that data without you even being aware?

Unfortunately, RFID (Radio Frequency IDentification) technology that is used to track sensitive data in many of today’s portable identifiers (e.g. credit and debit cards) can be easily read by a point-of-sale (POS) card reader without you ever realising that you have been scammed… until you check your bank account, that is!

It’s a very frightening thought but, sadly, this is real and it’s starting to happen on a daily basis on our streets, on public transport and in our shopping centres.

The scam is based on relatively new contactless “touch-pay” technology that allows you to pay for items simply by touching your card to an appropriately enabled card reader, without the need to enter a PIN. This technology has been brought in to save time and effort for consumers; however, many of us are unaware that we have it, as we all appear to have been “opted in” by our banks without our permission.

Now here comes the scary part:  enterprising scammers can buy point-of-sale (POS) card readers for very little, programme the card readers to accept payments of under £30 (these need no approval), then wander indiscriminately through stores or other crowded places as they steal from consumers who are completely unaware.

RFID enabled items that many of us already possess include (but are not limited to) debit cards, credit cards, passports, identity cards, driver’s licenses, Oyster cards, travel cards and ski-passes.  Many work-related cards such as passes for electronic ‘swipe card’ door entry systems also have RFID technology embedded in them. In fact, it is very likely that many items you carry with you every day are RFID enabled – and often without your knowledge.

Do not assume that you are safe, just because you keep your debit and credit cards in your possession at all times.  You may not know exactly what information is stored on your cards, but is it really worth the risk of allowing someone else to read your personal data without your permission or knowledge?

Unfortunately, making it easy to pay for things via radio waves also makes it easy for thieves to help themselves to your hard-earned cash. If you carry any of the aforementioned cards with an RFID chip, you need to be aware of this scam. Thankfully, forewarned is forearmed, so thwarting would-be criminals is easy once you know how.

The cheapest way to avoid being hit is to simply line your wallet or purse with aluminium foil which cunningly blocks the RFID chips from being read against your will.

If you are looking for something a bit more classy, there is a whole host of sleeves, wallets, purses, ID card holders and shields on the market that are designed specifically to offer protection against unauthorised access to contactless technology. These can be very easily and inexpensively purchased via sites such as Amazon, eBay or even on your local high street and they cost from as little as a couple of pounds each, whilst offering a tremendous measure of protection.

Another option, for those who are not contactless payment fans (like me!), is to request a non-contactless payment option when ordering new credit or debit cards from the bank.

The realisation that someone is able to help themselves to your money so very quickly and easily is a rather sobering thought. As always, we must do what we can to protect ourselves from these scammers.

Modern technology is often excellent but unfortunately it is not always used with good intentions.   Please make sure that you share this post with as many of your friends, family and peers as possible so that we can stay one step ahead and protect ourselves from these criminals. 

Thursday, 11 February 2016

New RFID Chip Promises to Stop Some Identity Theft

In the ever-evolving world of data communications and networking, keeping up with cyber criminals is an ongoing battle. For every security solution developed, there is an enterprising criminal waiting for the opportunity to find a workaround. Now, the designers of a new RFID chip hope they have come up with something that is virtually hack-proof for the foreseeable future. Their new chip directly addresses the two most common forms of identity theft using RFID-enabled credit and bank cards.

Researchers at the Massachusetts Institute of Technology (MIT) have teamed up with Texas Instruments to develop the new chip. They say their technology prevents the theft of cryptographic keys using either a side-channel attack or an attack based on a power failure. The new chip has already undergone a full battery of tests by Texas Instruments; research data was recently presented at the International Solid-State Conference in San Francisco.

Side-Channel Attack

Cards with the current generation of RFID technology are vulnerable to attack through something known as the side channel. Hackers use computer equipment to monitor cryptographic operations during transactions, gathering data and analysing it to find patterns in power consumption and memory access. Once a pattern is identified, the chip can be accessed and information stolen. It is all done incredibly quickly.

MIT and Texas Instruments researchers have closed this vulnerability by creating a chip that includes a random number generator designed to create a new secret key following every transaction. Whenever an RFID-enabled card is used to complete a transaction, information is sent to a central server to verify that the secret key has not been used before. If it has, the transaction will not be completed.

Power Failure Attack

Current RFID cards are powered by tag readers at the time of the transaction. The cards are also designed to prevent hacking by limiting the number of invalid keys that can be entered. Hackers have found a way to work around key limitations by cutting the power to an RFID chip before that limit is reached. Once power is restored to the chip, the invalid entry limit is reset and the hacker can start over.

With the new chip, the power failure attack has been thwarted by including an on-board power supply that cannot be cut remotely. New RFID chips also include non-volatile memory cells that keep track of data even if on-board power fails. This prevents an RFID chip from generating a new secret key until the current transaction is completed.
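The following is an added illustration, not code from MIT, Texas Instruments or the original post, of why the invalid-key counter has to survive a loss of power. The `Tag` model, the `MAX_TRIES` limit and the key strings are constructed for the example.

```python
import hmac

MAX_TRIES = 3  # constructed limit for the example


class Tag:
    """Toy tag that locks after MAX_TRIES wrong keys (hypothetical model)."""

    def __init__(self, secret: bytes, persistent: bool):
        self.secret = secret
        self.persistent = persistent  # True: counter kept in non-volatile memory
        self.nvm_fails = 0            # survives loss of power
        self.ram_fails = 0            # lost when power is cut

    def power_cycle(self) -> None:
        """Reader field removed and restored: volatile state is wiped."""
        self.ram_fails = 0

    def _fails(self) -> int:
        return self.nvm_fails if self.persistent else self.ram_fails

    def _set_fails(self, n: int) -> None:
        if self.persistent:
            self.nvm_fails = n
        else:
            self.ram_fails = n

    def try_key(self, guess: bytes) -> str:
        if self._fails() >= MAX_TRIES:
            return "locked"
        # Count the attempt before comparing, so losing power during the
        # check cannot skip the increment.
        self._set_fails(self._fails() + 1)
        if hmac.compare_digest(guess, self.secret):
            self._set_fails(0)
            return "ok"
        return "wrong"


def guesses_evaluated(tag: Tag, n_guesses: int, cycle_every: int) -> int:
    """Count wrong guesses the tag actually checks when power is cut
    after every `cycle_every` attempts."""
    evaluated = 0
    for i in range(n_guesses):
        if tag.try_key(b"guess-%d" % i) != "locked":
            evaluated += 1
        if (i + 1) % cycle_every == 0:
            tag.power_cycle()
    return evaluated
```

With the counter in volatile memory every guess is checked, however many are sent; with the counter in non-volatile memory the tag locks after the third wrong key and stays locked across power cycles.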

Should the new RFID chip prove successful, two things will be accomplished. First, hackers will not be able to sit in a public space and steal the identities of their victims by hacking these people’s credit and bank cards. Networking in public spaces would be a bit safer, although still not advisable. Secondly, thieves would not be able to steal consumer goods and cover their tracks by replacing what they have stolen with counterfeit RFID chips.

It all sounds good – for now.

Tuesday, 2 February 2016

Information Commissioner States Reputation a Bigger Concern than Penalties

Information Commissioner Christopher Graham has said that a company's reputation is a bigger concern than financial penalties that may be assessed as a result of a data breach. He made his comments at the recent Advertising Association LEAD 2016 conference in London.

Graham's comments are in direct response to a YouGov poll sponsored by the Information Commissioner's Office to gauge consumer concerns over data breaches. According to that poll, almost 80% of consumers would think twice about providing personal information to a company that made the news after failing to prevent a security breach. That is a significant number by any measure.

“The knock-on effect of a data breach can be devastating for a company,” Graham said. “Getting hit with a fine is one thing, but when customers start taking their business – and their money – elsewhere, that can be a real body blow.”

He went on to say that consumers are genuinely concerned about cyber security and their personal information. Graham also reminded attendees that it is not only a legal obligation for companies to protect private information but doing so is also essential to maintaining a positive reputation among consumers.

In terms of the YouGov poll responsible for the commissioner’s comments, two additional statistics should be taken seriously by companies collecting personal information:

20% of respondents said they would definitely stop using a company after a data breach.
Only 8% said that knowledge of a security breach would make no difference in their choice to continue a business relationship.

Data Protection Is Good Business

The YouGov poll is very clear in underscoring the fact that data protection is important for a company's reputation. But it is more than that. It is also good business. Whether a company is in the business of selling widgets or offering financial advice, secure data management tells customers that those in charge of the company are genuinely concerned about them rather than just the bottom line. Providing customers with that confidence goes a long way toward boosting reputation.

The reality is that our current environment of global networking exposes more people to risk than ever before. Managing risk is an unavoidable part of doing business in the modern era. More importantly, it is not just the responsibility of those companies that deal directly with the buying public. It is also the responsibility of tertiary companies including data centres, colocation providers, managed services providers, and so on.

Everyone involved in the data communications process has a role in protecting customer information. No data breach, regardless of the scope, can be pinpointed to a single entity or person. It takes multiple players within the security chain to create conditions that make large-scale illegal access to data possible. Therefore, everyone involved in the chain has a role to play in preventing security breaches.

Commissioner Graham says that reputation is more important than financial penalties resulting from security breaches. We are inclined to believe him.