Category: Data Security

Black Friday & Online Fraud – What Have We Learnt? (Retailers & Consumers)

Last month consumers enjoyed another frenzy of slashed prices and bargain basement price tags. Black Friday brought its usual flurry of financial activity, kicking off the holiday season. Year on year, the shift in purchasing methods has increased. We’ve come a long way from queueing for stores to open: consumers can now engage in online spending from the comfort of their own homes or via mobile on the go. According to The Wall Street Journal, in 2017 the number of Black Friday in-store sales dropped by 4% while online purchases increased by a whopping 18%. With the power of the online advertising industry and the ease of online access and use, not only are more people choosing to do their Black Friday spending online, but they’re spending more online too.

What does this mean for cybercrime?

For fraudsters, the more transactions that are made, the better. Online fraud thrives when it can be easily concealed. Although it’s still too early to analyze stats for this year’s online fraud activity specific to Black Friday, stats from Kaspersky Lab show that last year financial phishing accounted for an enormous 49.77% of all phishing attacks, nearly half. We expect to see those numbers reflected, and possibly increased, in the results from this year’s sales. As consumer purchasing increases, so does the opportunity for fraud.

How does it work?

When consumers use online payment methods to make transactions, their personal data may be at risk. On Black Friday, banks see a huge increase in mobile and online account logins and authorizations, which provides cover for online fraudsters. Bot attacks are launched to ‘phish’ for personal data and then use that data to attempt purchases and payments. Since traffic is inordinately high, it’s significantly harder to spot bot attacks on Black Friday than on any other day of the year. With the tech advances of 2017, botnet and malware attacks are so advanced that they can closely and discreetly mimic trusted user behavior.

Once fraudsters have the personal data they need, the resulting stolen or synthetic identities can be used in myriad ways to perform fraudulent and hugely damaging online purchases on a massive scale. One of the most effective uses of botnet fraud in the retail sphere is account origination fraud. Defined as the use of stolen identities, or often false identities built around stolen personal data, to create new accounts, account origination fraud is even more difficult to detect at times of extremely high traffic. This is especially true on Black Friday, when personal data transactions increase, as do new account creations for genuine purchasing reasons.

What can we do?

Verify true identity and minimize fraud. Here’s a brief list of things to watch out for:

1) Email Phishing: fraudsters will send out polished emails emulating those of trusted retailers, promising offers and promotions so berserk they seem far too good to be true, even on Black Friday. That’s because they are. And you should ignore them. These emails will take you down a route that requests personal data or infects your device with inadvertently downloaded malware.

2) Fake Sites: these are exactly what they say on the tin. You see a great pair of shoes or a brand new smart phone and decide to treat yourself to a Black Friday deal. The problem is, these sites are built to mirror those they are impersonating. They can look and feel the same, with similar products, prices and even shopping cart functionality. The best way to spot these is to check the URL. If it ends with .org, .net, or has a completely different name to that of the company you are attempting to purchase from, back away. Look out for sites beginning with https:// – these are generally better protected and less likely to infect you with malware.

3) Pop Up Phishing: never provide an untrusted web site with any information other than your name, email address and phone number. When making a purchase or browsing you should not be asked to answer ‘security’ or verification questions involving personal data. Never disclose this information.

PlanetVerify offers an end-to-end solution for retailers and consumers alike. From lessons learnt this year, let’s prepare for a safe and secure 2018. Our app allows for fast, effective and ultra secure encrypted personal data storage and management, for consumers on the go. The holiday season should be about relaxation, celebration and joy. Our motto is to collect, store, verify and comply, so you can sit back, relax, and shop or sell from wherever you want to go.


Your Personal Data and the Insecurity of Using an Email Data Collection Procedure

Email is the most common identity management and communication tool on the internet. Think about how often you are asked to ‘sign-up’, ‘sign-in’ and ‘enter your email’ for identity verification purposes online. Email addresses are the key to receiving notifications and creating online accounts, and sometimes we even use them to communicate with each other. Think of them as your online personal identification. Such power with something that seems so simple, right? Maybe not.

Email Is Insecure – Why?

Email was not designed with security, privacy, identity management or any data collection procedure in mind. It was never meant to be the epicentre of our online lives, and it was born in a time when personal data protection and PIM software weren’t at the forefront of people’s minds. In recent years there have been efforts to increase email security, but the shutting down of well-known secure email services like Lavabit highlights the difficulty of providing email-based services with security that is up to scratch. (Lavabit was reportedly used by Edward Snowden, the NSA whistleblower.)

Remember, email was developed when the online world was a much smaller place. It was a simple way to send messages back and forth to your long-lost cousins across the world; it was completely open and not even passwords were encrypted. It wasn’t designed for personal identity management. Today passwords are encrypted, but email is still not a secure place to share personal data or documents, as there are different places where the private information within your emails can be accessed. These are: on your device or the recipient’s device, on the server, and on the network.

To keep others from accessing their device, whether it be a phone, tablet or computer, most people now set a password to unlock it, which acts as a controllable protection of the personal data contained within the device. However, this isn’t always 100% secure. Some email programs encrypt the emails stored on the device but most don’t. Also don’t forget that even if it’s not a person unlocking your device, malware can do it in a matter of seconds without having opposable thumbs. In fact, rifling through email for personal data is a common feature of malware.

What about Servers?

Servers are data storage centres where your email provider stores all of your emails. If someone hacks your email password they can sign directly into the server and access a complete history of your emails and any personal data they contain. Most email providers store emails as plain text, which means that any hacker who can access these servers will also have access to your emails and any attachments or personal data contained within them. Email providers don’t put much emphasis on personal data or the protection of stored emails, as it would create too much additional work on their end. Email servers simply weren’t designed for identity management or to function as PIM software does. Storing emails as plain text also allows services to automatically scan your messages for keywords to target advertising. Think of all those targeted ads you see: it’s no coincidence you’re seeing ads about hotels in Spain when you were emailing a travel agent about them just last month.

Networks

Networks are a little more complicated but are basically: your connection to your email provider (e.g. Google, Outlook); any connections between your email provider and the email provider of your recipient; and your recipient’s connection to their email provider. For example, if you and your recipient use the same service (e.g. gmail.com) then you can have potential network vulnerabilities. If your recipient’s email is their work email address and, for example, they work in a school, then there is a vulnerability between your Gmail email and your recipient’s school email provider. With networks you might think that your personal data is secure and identity management is a breeze, but it could be that only one branch of the network is secure while the other branches have security vulnerabilities. Phew!

What not to do

A recent example of how a simple human error can result in your private personal data ending up in other people’s hands is the sharing of Essential customers’ driving licenses via email. This method is not recommended as an effective identity management solution and is unsafe. Customers who had preordered an Essential phone received an email asking them to verify their address by replying to the email with identity verification in the form of a copy of their driver license. Many customers responded with this information, including their date of birth, home address, phone numbers and other personal data. These emails didn’t just go back to the Essential Customer Support team; they also went out to everyone who had received the initial email asking them to verify their private information. Shockingly, this meant that dozens of people had now received each other’s private, sensitive, personal data. Allegedly this issue was caused by the misconfiguration of an email address in the customer service platform, Zendesk.

What Other Options do I Have for Sending my Private Personal Data?

You can work on message encryption yourself, but this is a complicated process and can take some time. You may need to get the support of an IT professional too, and it seems like a lot of work to ensure your identity management efforts are 100% secure. That’s where companies like PlanetVerify come in. PlanetVerify automates and digitises the gathering of identity verification data, personal data and documents in a way that’s cost effective, convenient and compliant. PlanetVerify works by requesting documents via a secure platform instead of via email. This data collection process not only means that your documents are 100% secure for identity management, but the documents can also be saved automatically, kept for a specified amount of time and then securely deleted (purged) when they are no longer needed. This eliminates the risk of your personal data documents lying in your email server open for attack. It also means that long email threads back and forth with businesses which contain your personal identification documents are a thing of the past. This automated data collection process also streamlines the experience for you and means no more worrying about whether or not your personal data and documents are at risk of a security breach. In fact PlanetVerify have the most secure…
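The ‘Networks’ section above describes a message crossing several connections, only some of which may be protected. As an added example (not part of the original article), the Python below reads the `Received` headers of a message and reports, hop by hop, whether the receiving server recorded TLS using the `with` keywords registered in RFC 3848; the message, host names and addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not from the article): a home user writing to a school
# address, with one plain-text hop between the two email providers.
SAMPLE = """\
Received: from mx.school.example (mx.school.example [203.0.113.7])
\tby mailstore.school.example with ESMTPS id 3C; Mon, 4 Dec 2017 10:00:05 +0000
Received: from mail-out.provider.example (mail-out.provider.example [198.51.100.9])
\tby mx.school.example with ESMTP id 2B; Mon, 4 Dec 2017 10:00:03 +0000
Received: from laptop.home.example ([192.0.2.44])
\tby mail-out.provider.example with ESMTPSA id 1A; Mon, 4 Dec 2017 10:00:01 +0000
From: parent@provider.example
To: office@school.example
Subject: Copy of driving licence

(attachment omitted)
"""

# "with" keywords by which a receiving server records that the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
HOP = re.compile(r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>\S+)",
                 re.S | re.I)

def hops(raw):
    """Return hops in delivery order as (from, by, protocol, tls_recorded)."""
    msg = message_from_string(raw)
    out = []
    # Each server prepends its own header, so reverse for sender -> recipient order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP.search(header)
        if not m:
            continue  # skip a hop whose header does not follow the usual layout
        proto = m.group("proto").upper()
        out.append((m.group("src"), m.group("dst"), proto, proto in TLS_PROTOCOLS))
    return out

def unprotected(raw):
    """Hops for which no TLS was recorded by the receiving server."""
    return [(src, dst, proto) for src, dst, proto, tls in hops(raw) if not tls]

if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

A hop without a TLS keyword means only that none was recorded, and headers written before the message reached a server you trust can be forged, so treat the result as an indicator rather than proof.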


New Rental Regulation. What to do?

The rental debate rumbles on

Renting in Ireland is a much-discussed issue in Irish media today, especially after the new Rental Regulation was introduced in December 2016. Without doubt, demand outweighs supply and rent prices have soared, with a knock-on impact on the number of people who cannot afford housing. However, it appears it is not just the tenants who are under pressure.

Observations on recent media coverage

A recent article in the Irish Times examines the decision by estate agents Hooke and MacDonald to cut back on managing individual lettings for landlords due to the increase in cost and paperwork resulting from recent changes to residential tenancies laws. This means that many landlords are now without an agency to manage their rental property and therefore see the benefit in selling on that property rather than taking on management of the property themselves or paying for a new agency to take over. For landlords and tenants alike, this is bad news. For the former, it means being forced to go through a sale when this may not have been their preferred time to sell or planned outcome for the property, and for the tenants who cannot afford to buy, it means fewer rental property options on the market. With the introduction of new laws, vast amounts of paperwork and re-organisation of internal administrative processes follow suit. In this case, it seems the changes incurred are impactful enough to cause estate agents to simply draw the line at single property management.

But, is there an alternative?

If Hooke and MacDonald had an easier way to process and store their paperwork and keep costs down, would this dramatic move have occurred in the first place? In the article published on June 5th of this year, the firm’s MD, Ken MacDonald, told the Irish Times, “It is as easy to manage 20 properties as it is to manage one or two properties. With all the new legislation that has come in, there’s a lot of background work involved so we are cutting back.” Gathering of documents, signatures and financial records is a laborious task and can take up vast amounts of an employee’s day. MacDonald’s point that it is the same amount of work regardless of the number of properties may well be true – the initial gathering of information from a landlord who has one property is the same as the process for a landlord with 20. After that though, surely each individual rental incurs its own allocation of time spent requesting, obtaining and filing data?

It is possible to make this process easier

By requesting documents via a secured platform instead of via emails, you save time and ensure security for the data being requested and received. The documents can then be saved automatically by the same online tool, kept for a specified amount of time and deleted when they are no longer needed. Businesses will no longer need to engage in numerous email exchanges on top of worrying about security breaches when confidential documents are in their possession.

What can be done?

In a world of paperless transactions and document transfers, estate agents need a simpler way to manage this background work that Ken MacDonald speaks of. In addition, they need to know that this new method is secure; it will not only speed up their internal administrative processes and free up their staff to manage more work, it will also ensure that they are compliant with GDPR data regulations. Finally, and perhaps above all, it will ensure that they don’t have to let customers down. PlanetVerify allows companies to obtain personal data directly and securely from their customers instantly and in a transparent way. Download the App or browse the PlanetVerify website to explore this advanced document gathering and verification process created with your data security in mind.
