The growing online shopping environment and widespread internet connectivity have exposed financial institutions to increasing levels of cyber crime. These cyber attacks may cause service outages, increased cases of fraud, theft of intellectual property, loss of sensitive data and even total failure of core operating systems.
Of course, this isn't exactly new information: President Obama has created positions to target cyber security in the United States of America and has instituted new legislation to shrink the time window institutions have to report breaches of their data, so consumers can put a stop to any damage sooner.
"When these cybercriminals start racking up charges on your card, it can destroy your credit rating… It can turn your life upside down. It may take you months to get your finances back in order. This is a direct threat to the economic security of American families and we've got to stop it." President Obama
With more awareness being spread and strong words being spoken, we the people are left to believe that things should be improving. In some areas they certainly are; however, there is no rest for the wicked.
U.S. Securities and Exchange Commission (SEC) Chair Mary Jo White, interviewed at the Reuters Financial Regulation Summit earlier this year on the 17th of May, added her voice to the cacophony of growing concern: "cyber security is the biggest risk facing the financial system". She then explained that the SEC, which is responsible for regulating securities markets, found that some major exchanges, clearing houses and private exchanges known as "dark pools" lack the cyber policies needed to address the sort of risks they face. This is important because technology trends show a significant rise in cloud-based information sharing, something that will not slow down or reverse course. The increasing interconnectedness of businesses, infrastructure, financial institutions and consumer devices means that any weak point becomes a potential threat to the rest of the system. So even when the United States government takes very expensive steps to ensure our relative cyber-safety, international banks and financial markets across the world could act as ports of entry, much like the back doors hackers use against lower-profile targets.
Distributed Guessing Attack
Similarly, individual businesses can act as threats to the entire system. A research team from Newcastle University in the U.K. discovered a method to hack credit cards: hackers can target security codes and dates in about six, yes six, seconds. The team used a method called "Distributed Guessing Attack", in which online payment websites are used to guess at the required data, and each site's denial or acceptance of the payment reveals whether the guess was correct. Why does this work? Mohammed Ali, a PhD student at Newcastle University, says that "this sort of attack exploits two weaknesses that on their own are not too severe but when used together, present a serious risk to the whole payment system". First, online vendors do not all use the same questions to confirm card validity, which creates an opportunity for hackers to use jigsaw identification. Second, current online systems do not detect multiple invalid payment requests on the same card when they are distributed across many websites, making it possible for a hacker to have unlimited attempts at the data fields.
Until there are common rules all online vendors must follow, or all vendors recognize when a single card is being targeted across many websites, the best preventative measures are to use a single card for online shopping and to maintain a minimal balance on that card, to reduce losses in the event of identity theft.
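The second weakness, that no one counts failed attempts on one card across many websites, is easiest to see in code. The following is an added example, not taken from the original article or the Newcastle research, comparing per-site counting with a shared, network-wide count. The event fields, card tokens, merchant names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (epoch_seconds, merchant, card_token, outcome).
# card_token stands for a tokenised card number, never the raw card number.
EVENTS = [
    (1000, "shop-a", "tok_1111", "declined"),
    (1001, "shop-b", "tok_1111", "declined"),
    (1001, "shop-c", "tok_2222", "approved"),
    (1002, "shop-c", "tok_1111", "declined"),
    (1003, "shop-d", "tok_1111", "declined"),
    (1004, "shop-a", "tok_1111", "declined"),
    (1005, "shop-e", "tok_1111", "declined"),
    (1300, "shop-a", "tok_2222", "declined"),
    (1900, "shop-a", "tok_2222", "declined"),
]

def per_merchant_flags(events, max_declines=3):
    """Each site counting alone: (merchant, card) pairs with too many declines."""
    counts = defaultdict(int)
    for _, merchant, card, outcome in events:
        if outcome == "declined":
            counts[(merchant, card)] += 1
    return {key for key, n in counts.items() if n >= max_declines}

def network_flags(events, window_s=60, max_declines=5, min_merchants=3):
    """Shared view: declines on one card inside a sliding window, across sites."""
    recent = defaultdict(deque)   # card -> deque of (ts, merchant) declines
    flagged = {}
    for ts, merchant, card, outcome in sorted(events):
        if outcome != "declined":
            continue
        window = recent[card]
        window.append((ts, merchant))
        while window and ts - window[0][0] > window_s:
            window.popleft()      # drop declines older than the window
        merchants = {m for _, m in window}
        if len(window) >= max_declines and len(merchants) >= min_merchants:
            flagged.setdefault(card, {"first_alert": ts, "merchants": set()})
            flagged[card]["merchants"] |= merchants
    return flagged

if __name__ == "__main__":
    print("per-merchant:", per_merchant_flags(EVENTS))
    print("network-wide:", network_flags(EVENTS))
```

On the sample data no single site sees more than two declines for any card, so per-site counting raises nothing, while the shared count flags the one card declined six times across five sites within seconds and ignores the card with two widely spaced declines.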