General discussion


The risks of online payment systems

By debate ·
Does your organization have an Internet use policy? Does it address using online payment systems? Do you agree that allowing employees to use these systems can put the network at risk? Share your comments about the risks of online payment systems, as discussed in the March 8 Internet Security Focus e-newsletter.

If you haven't subscribed to our free Internet Security Focus e-newsletter, sign up today!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Risks mey be overstated

by malf In reply to The risks of online payme ...

To be certain, there is much risk in Internet usage these days, to both the individual and to corporate entities.
But as far as online payments and banking goes, it is obvious that the real threat is to identity.. PERSONAL Identity and the threat of identity theft.
I understand what the author is saying about URL 'spoofing', but that in itself is not much of a security threat to the network given proper precautions are in place against the forms of 'network attacks' that could take place as a result.
No, I would say that at this stage the threat is to individuals with a relatively low threat to the company and that the corporate benefits of allowing our employees online banking far outweigh the minimal threats.

Collapse -

Sick of the word HACKER's

by lwpenn In reply to The risks of online payme ...

Hackers, Do it all. Well 99.99% of all information taken from systems are taken by employees or sub-contractors. Face the real problem the company you share information with are the real problem. Let's pour more money down the rat hole and blame Hacker's. When, your information is taken by under payed or over worked employees that were never screened to start with, but when the system breaks down it's the HACKER's. Give it a rest!!!

Collapse -

User= Universally Significant Exception Risk

by jward In reply to Sick of the word HACKER's

In my opinion Humans are the single most likely to fail security leak that any network has. Whether intentionally or unintentionally I believe that people are their own worst enemies on any network. If people want real advice on how to secure their systems here's my two bits:

1. Do not open any attachment that you did not request.
2. Do not send an attachment unless your intended recipient knows that your a doing it AND what the name of the file will be.
3. Do NOT use words, pets names, peoples names, ID numbers (license, social security, telephone, car), sequential numbers/letters, predictable patterns or similar etc as you password for anything you do not want stolen.
4. Do NOT give, transmit or allow others to transmit your password over any form of email or any non-secure site. Do NOT keep any email password given to you, change them immediately.
5. Change your passwords for everything 1 per quarter or biannually at the very least.
6. Use more than 1 password.

Are these rules restricting? Yes. They have also protected our network for 2.5 years with 0 incidences of compromise.

Collapse -

I don't understand

by shawn In reply to User= Universally Signifi ...

I realize that general users will present problems. I shudder to think of how many people are falling for these emails going around that say they're from Ebay or Citibank and need you to update your credit card info. They really look real. But once you know.

But what I want to know, is why do people (like the author of this article) say that they themselves wouldn't use online banking or shop online either? I constantly use online banking and buy things online, and yes, there may be a risk that my bank or retail site would get hacked, but those places would be responsible if that happened.

But I know better than to engage in online banking, or online buying "from an email". I would never click on a link to enter a site that requires my email address. It doesn't take a rocket scientist to go to the official website and do your business. Are we really that lazy that we can't read the email, and then open up another browser window and go to the website ourselves?

And I agree, let's stop dumping on the hackers. I know, hackers are parasites, they make our lives very tedious, but ignorant users can be worse. I just wish some people would just calm down and spend more time on educating people of what not to do, instead of saying, "this stuff should never be done."

Collapse -

Risk Management

by Bucky Kaufman (MCSD) In reply to I don't understand

why do people (like the author of this article) say that they themselves wouldn't use online banking or shop online either
----- ----- ----- ----- ----- -----

F-E-A-R is the answer. There are all kinds of ways to minimize, the threat of internet predators.

But there's no way to minimize the FEARS, rational and not, of folks who have been repeatedly told that there is a threat - but not how to protect themselves.

There's a lot of folks out here who feel terrorized - and telling them to "be afraid" is NOT a solution.

Collapse -

Panic Ain't Productive

The article was high on panic, and low on productive solutions. Did George Bush ghost-write it?

We all know there's predators on the web - and that simple precautions remove the threat of 99.999% of them.

But disallowing employees from using the Internet is a self-destructive policy - and is NOT a reasonable solution. Better to train your staff on basic internet self-defense.

The proposed solution, disallowing Internet Access, is a guaranteed way to get rid of your 21st century staff.

Collapse -

Chicken Little

by Konza In reply to Panic Ain't Productive

I'm not even going to get into a diatribe about Jonathan Yarden's weekly 'the sky is falling' messages, that would be pointless when he's not going to change his opinion and I'm not going to change mine. Someone must have kicked him pretty hard.

Any transaction has risks. The types of transactions referred to in the article really only impact individual users as opposed to entire corporations unless you happen to supply all your employees with the company credit card in which case shame on you.

I've had fraudulent transactions posted to my credit card on the internet. My credit card issuer caught it because the wrong expiration date was used for the purchase. I've also had my nephew cheat my ATM card out of my pocket and sneak a few bucks out of my account and then cheat the card back thinking it couldn't be traced to him---wrong. I was stupid to even allow him the opportunity to look over my shoulder when I conducted my business.

Point being, if someone wants to commit thievery, there are a lot of opportunities to do it both live and electronically. Most people's transactions are uneventful so you just need to consider the odds when making your choices. The odds of my getting into a car accident on my local highway are 1 in 2,473. It's not going to stop me from getting behind the wheel but I will purchase auto insurance to minimize my risk.

Related Discussions

Related Forums