Dr. Byron Jeff – Can Hackers Steal Your Identity AND Your Photos?
With the security breeches at Target and Home Depot making headline news this year, a lot of people are asking, "Should I never swipe a debit card at a retail outlet again?"
Adding fuel to the insecurity about internet security has been a series of very well-publicized incidents where celebrity photos -- generally rather lurid photos – have been hacked and published without permission on a variety of websites.
So, what can you do? Dr. Byron Jeff, Computer Science and Information Technology Department Chair and Associate Professor of Information Technology at Clayton State University has some ideas, starting with what you shouldn’t do with your personal photos.
“As for photos, the advice is to treat anything that is on a network-connected machine as publicly accessible information. If you have a device that connects to a network, you have a device that can be remotely hacked.”
As for having your credit or debit card information stolen from a retailer, that’s a more complicated matter.
While there has been a lot of technical talk about firewalls and the safety of POS (Point of Sale) systems, Jeff says there are a couple of things you still need to know as a consumer.
You may be surprised to know that the answer to the question, "Should I never swipe a debit card at a retail outlet again?" is, according to Jeff, "absolutely!"
“Continued use of debit cards at retail outlets, in the wake of the Target security breech, and other recent reported possible security breeches, is analogous to continuing to use a bank even though banks get robbed.”
Jeff points out that there is no such thing as perfect security, and even though, when security fails, the use of electronic accounting systems facilitates the replacement of funds if they are stolen, the larger impact of a security breech is both the inconvenience of having to replace compromised cards and the overall additional costs in fees and insurance to retailers, costs which of course they simply pass on to their customers. The overall impact is that all prices rise due to theft.
So, should we use cash only in our retail transactions? No… cash customers have a much greater personal risk than anyone carrying a card. In fact, one thing you want to walk away with following the Target and Home Depot snafus is that it is always safer to use a card rather than cash. That’s because cash can be lost or stolen and because there is no electronic record of its transfer, there is no possibility of it being replaced if it is lost or stolen.
“All card transactions are electronically recorded. That’s why there’s such an elaborate fraud system in place,” says Jeff. “We all need to live with that system, because every
bit of fraud we can avoid lowers the cost of business to everyone, both businesses and consumers.
“The one security suggestion I'd offer is never use your debit card with a PIN unless you absolutely have to get cash back. It's always safer to run your debit card as a credit card, precisely because the PIN is never entered. You can always use a debit card as a credit card, unless you need to get cash back. When you do use a PIN, cover the keypad.”
What’s the significance of this technique? The PIN number isn't stored on the magstripe of the card. Neither is the CVV number on the back of the card. That means that, even if you capture a swipe of the card, you cannot get the PIN or CVV. The PIN is only entered into the POS (Point of Sale) machine and it's encrypted before the request is sent out on the network for processing. The only reasonable way to capture the PIN is to get it as it is being entered into the terminal, often through a hidden camera or other clandestine observation. Thus, Jeff suggest that you cover the keypad when you do enter your PIN.
“The bottom line is, you should not be fearful of using your card,” he adds. “However, debit cards are much more risky because they are connected directly to your checking account. From a security standpoint; it’s almost always safer to use a credit card, and signing is better than using a PIN, and everything is better than cash.”