My Executive


    Sep 04, 2013

    Best defence against data theft: Vigilance

    The New York Times

    MY WIFE and I are vigilant about monitoring credit-card activity, but we still get unauthorised charges on our bill after recent trips.

    The card was invalidated, a fraud probe began, the charges were removed, and a few days later, a new card arrived via FedEx.

    Then I called my friend, security expert Anthony Roman, who sounded a red alert.

    What's the big deal, I thought. Aside from the inconvenience of having to enter the new credit-card information on recurring accounts, the cost to me was zero.

    "Well, hopefully it was," said Mr Roman, president of Roman & Associates, which specialises in investigation and risk-management consulting.

    He said isolated unauthorised charges on your credit-card statement most likely indicate that sophisticated cybercriminals are waiting to see if you will notice.

    "What credit-card fraudsters do is test your vigilance, how carefully you and the credit-card providers are watching your account," he said.

    "They do this by making relatively small purchases first, to see if they set off any (alarm) bells."

    Many frequent travellers are lax about checking their statements in a timely manner, which gives the green light to criminal hackers. Then, the big charges will come.

    Worse, a hacked card could indicate that more serious identity theft might have occurred, said my friend.

    In its 2013 Global Security Report, data-security-management firm Trustwave said the top three industries targeted for data-breach attacks last year, measured by the number of its investigations, were retail (45 per cent), food and beverage (24 per cent) and hotels (9 per cent).

    Three years ago, the hotel industry was at the top, but hotels have since made "significant strides" in improving credit-card security measures.

    Still, criminal hackers gravitate to some hotels because hotels do many credit-card transactions at a local level, where centralised and highly sophisticated data-security safeguards may be lacking.

    Last year, for example, the United States Federal Trade Commission sued hotel chain Wyndham Worldwide for what it said was inadequate safeguarding of credit-card data that led to three data breaches in under two years.

    For hotel owners, it is expensive to fully comply with the tough global data-security criteria set by the credit-card firms. Trustware said "cybersecurity threats are increasing as quickly as businesses can implement measures against them".

    The threat is constant and the best protection is vigilance, my friend said. That includes using complex passwords, being wary of public Wi-Fi, updating antivirus software - and checking credit-card statements carefully.