“Wow – 77 million PlayStation accounts hacked – that’s huge! Dad , did you see this internet fraud story?” My 13 year old is not a big gamer nor does he care that much about internet fraud (though he is a good sounding board when I am working through issues), but when he saw the headlines in our local paper this morning it was clear to him that the Sony PlayStation breach was a big deal. He knows of friends, cousins, uncles etc. that are avid online gamers and now, all of them have their identity compromised in some form or fashion. Maybe their credit card is exposed; perhaps their personal information such as address and birth date is being exploited; or quite possibly, their PlayStation password AND security questions that are also used for Gmail, Hotmail or perhaps even online banking have now been harvested and are up for sale on black market internet sites.
This most recent breach has really got me thinking. I mean sure, we had Heartland and TJMax, and then Gawker, and then Epsilon – in between the last 2 we had major breaches at security firms such as RSA and Barracuda Networks. What about banking fraud, anything new fraud attacks? Well, Bank Information Security reported today a series of new attacks that led up to $11million in bogus money transfers. It’s quite clear that internet crime is out of control and yet today’s internet security measures have virtually little power to protect the masses.
I have to confess - I have been involved in internet related technologies for many years but from a personal perspective, I am like most people – give me quick, easy access to my online services and don’t shackle me with difficult to use security – I mean, managing 5 different passwords is hard enough as it is ( these are used across 25 or so accounts by the way) and remembering personal challenge questions or entering captcha’s can be more of a challenge for me than it is for a frauster on some days!
But I have to say, these growing threats are starting to hit pretty close to home. As I wrote a couple of weeks ago, I am getting emails from my service providers regarding the Epsilon breach – how do I know these aren’t spear phishing attacks from the criminals who have my credentials? And, if I did have a PlayStation account (I think I have an online Nintendo account – I should look into that) I would be changing a whole slew of passwords today.
The big internet boys fundamentally know that a stronger internet security backbone is required – Google, PayPal, Amazon, Facebook and Blizzard are all starting to bring strong authentication to help protect their customer accounts – the question is; Why aren’t the banks doing more? Why isn’t the government playing a more active role to legislate provisions for internet security?
We have, and will continue to invest billions of dollars every year to roll out new internet applications and services, in the corporate world, in the consumer world, in governments and public services organizations – and the growth will continue. So, when will we realize that the foundation of internet security is crumbling? When will the organizations that have a stake in owning and protecting our identity show some initiative? People always say security is too expensive and there is no business driver – well, I think I am ready to pay for an internet ID – one that is secure; one that is easy use across multiple sites; and one that comes with some form of assurance that if I am breached, they will be there to help me recover gracefully. How much will I pay you ask? Well, I don’t think twice about buying an iTunes song or new mobile app for 99 cents so, I’d be happy paying $2 a month or $25 / year – oh, and by the way, if they did their job well, they’d likely have me and millions of other customers renewing for years and years to come without even a thought!