At the Nordic Ecommerce conference in Stockholm last week, renowned hacker Kevin Mitnick told a few interesting, alarming, and sometimes highly entertaining stories about his exploits before getting caught by the FBI, and subsequently setting up his own consultancy, Mitnick Security.
He demoed a couple of classic pro-hacker tricks, including spoofing the phone number of a family member of a willing audience participant. This served to show the audience just how quick and easy it could be for someone with the right knowledge and equipment to commit fraud. For instance, Kevin gave the example of calling a PA from the Finance Director’s mobile number to obtain sensitive financial data.
He went on to talk about the ‘man in the middle’ attack. This starts with a spear phishing email that spoofs the email address of a particular organisation, such as a bank. The victim calls the number in the email, but instead of reaching the bank’s actual interactive voice response system, the call goes through to his PBX software – a VoIP trick that enables him to capture the information the victim willingly enters.
So what should online retailers be doing to protect themselves and the data of their customers? One thing is for sure: encrypting card data in a database is not always enough. As Kevin pointed out, many ecommerce businesses keep the keys on the server itself, meaning that a hacker who gains access to that server could decrypt everything.
It’s the responsibility of online retailers to take the right steps to help their customers to feel safe and secure when transacting with them online. From Jumio’s perspective, security should be efficient and smart enough not to disrupt the customer’s transacting experience.
Kevin’s presentation highlighted a few of the key problems that the industry needs to address, but they won’t be solved overnight. In the meantime, what can we do as individuals? Stay vigilant, keep passwords secure, and be a little suspicious of anyone peering over your shoulder. And don’t lend Kevin Mitnick your phone.
Hollie Stephens, European Marketing Campaign Executive at Jumio