How to safeguard our personal and financial data.

Why do we need to safeguard our personal and financial data while online?

Advances in technology have built a second world for us today. They create convenience and efficiency. People can purchase items online without stepping out of the house. Everything can be done at home, just over the internet. All we have to do is register our personal data on the online shop or e-banking website, and they guarantee that our data is safe and private.

Is it true? Is our personal and financial data 100% safe with them? What is your opinion? Emm.. Have you received junk mail in your mailbox before? 9 out of 10 people will say yes: they find some "nonsense" email sent from XXX company and start to wonder, "Did I give or write my e-mail address to them before?" If not, how did they get our email address, and even know our name correctly (personal data)?

Once again, this proves that the internet is not a safe place: millions of computers are connected, and data is sent back and forth through different servers at the same time. So there has been a significant increase in the number of crimes that use advances in technology to steal personal and financial data from third parties. Thus, it is dangerous for any user to disclose personal data on the internet without the software available on the market that prevents hackers from intercepting that private information, acting as you and using it to purchase things.

So, how can we avoid becoming one of the victims?

1. Secure your mailbox.
Remove incoming mail promptly. Avoid putting bill payments in your mailbox for pickup by a postal carrier unless it is a locked box; drop outgoing payments in Postal Service collection boxes.

2. Share your personal information cautiously
Users must be cautious about sharing or listing their private personal data, including social security numbers, driver's license numbers and credit card numbers. Don't give out information unless you know the party you are dealing with.

3. Review your credit card report and correct any errors.
Do it again each month and year as you receive the bank billing statement, checking it against your receipts to make sure you have not been billed for fraudulent purchases. If you spot any suspicious transactions, unknown charges or duplicated charges, please contact the bank immediately.

4. Store card receipts and other important documents in a safe place.
All those documents, including cancelled checks, new checks and account statements, should be kept properly and not simply thrown out. Users need to shred them first before throwing them out. Also shred offers for preapproved credit cards before discarding them.

5. Strong password.
Users should not casually reveal any password related to their personal and financial data to another party. Users should remember their own passwords when logging in to any online website, and log off when they leave to prevent another party from stealing them. Avoid using passwords that are easy to guess, such as your name, NRIC number, date of birth, your mother's or father's name and others. Never write your password down on paper and put it inside your wallet or bag, because it might be stolen by a thief, who will then get your password easily.

6. Use your own computer.
When you key in any private information, including personal and financial data, please do it on your own computer and at home. This is the safest place, compared with a work or public machine, and it reduces the chances of your data being exposed.

7. Resist using free wireless connections, particularly in cybercafes, airports and other public places, to check personal information.

8. Purchase and use up-to-date antivirus and antispyware software to get extra protection.
Remember that anything can happen at any time, so what we can do is use software as prevention to reduce the chances of our personal and financial data leaking out.

The threat of online security: How safe is our data?


How safe is our data?

There are several ways to lose our data, such as stolen laptops, lost CDs or pen drives, and system hacking. When these hold the personal particulars of an organisation's employees, they may expose those employees to the risk of identity theft. Many organizations have experienced cyber attacks from inside and outside the organization, even from outside the country. The financial losses from a cyber attack can be substantial.

For example, in April 2007 in Georgia, a company lost a CD. The company had been hired to handle information by the Georgia Department of Community Health. The CD contained data on 2.9 million Georgia residents, such as names, social security numbers, addresses and member identification for recipients of Medicaid and other medical programmes. The data was not encrypted, so potential identity abuse may arise.

Another case happened in September 2006 in Ohio. Hackers broke into the systems of an Ohio hospital and stole the personal data of 230,000 patients and their family members, plus the financial information of 12,000 donors. It happened while the hospital was upgrading its systems.


How to protect our data?

There are many ways to protect our data, such as:

1) Access control mechanism - Mechanism that limits the actions that can be performed by an authenticated person or group.

2) Passive tokens - Storage devices (e.g. magnetic strips) used in a two-factor authentication system that contain a secret code.

3) Active tokens - Small, stand-alone electronic devices in a two-factor authentication system that generate one-time passwords.

4) Encryption - The process of scrambling (encrypting) a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble (decrypt) it. Encryption helps to secure stored information and information transmission.



Phishing: Examples and its prevention methods


What is Phishing?
It is a form of criminal activity and fraud, usually carried out through email, that tries to steal people's personal information and acquire sensitive information such as passwords and credit card details by pretending to be a trustworthy person or business in an electronic communication.

Phishing emails usually appear to come from well-known organizations such as banks, eBay, etc. Besides that, phishing emails ask for personal and sensitive information: credit card number, social security number, account number and even passwords. Often, phishing emails appear to come from sites, services, companies or organizations with which the recipients do not even have accounts. Moreover, phishing emails always tell people to click a link to a site that asks them to fill in or update their personal information.

What are the signs of Phishing?
(1) Requests for personal information- Legitimate companies would NEVER REQUEST personal information, especially not a company or organization such as a bank or credit card company, which should already have that personal information.

(2) Mistakes- Little things can often reveal the biggest clues. Most are mistakes in grammar, slip-ups on the finer details and so on.

(3) Addressed as "Customer"- Phishers want to save time, so they use generic names like "Dear Valued Customer" and do not have to type out every recipient's name and send the emails one by one. For example, if your bank, regularly addresses your name in.


(4) "Verify your account"- A legitimate business would not request its customers' passwords, logon names, Social Security numbers and other sensitive information through emails. If you receive this kind of email, do not respond. It is a phishing scam.

(5) "Click the link below to gain access to your account"- HTML formatted messages can contain links or forms that people can fill out just as they would on a Website. The link that people are urged to click may contain all or part of a real company's name, but it actually takes people to a sham Website.

(6) Uniform Resource Locator (URL)- Phishers slightly alter the URL by intentionally adding, omitting or transposing letters. For example, the URL "www.microsoft.com" could instead appear as:

(a) www.micosoft.com
(b) www.mircosoft.com
(c) www.verify-microsoft.com



How to prevent?
(1) Change the passwords on all the accounts- Use a strong password that is at least eight characters long, includes letters, numbers and symbols, and is easy for you to remember but hard for others to guess. Avoid names, words found in any dictionary, important dates and so on. Protect passwords and change them regularly.

(2) Report the incident- Contact the credit card company or bank if personal information has already been given out. Report or send the phishing emails to them so it is easier for them to protect their customers.

(3) Separate email addresses for different uses- For example, one for financial transactions, one for trusted friends and family and one for public or general use. Then do everything you can to keep the address for financial transactions as private as possible.

(4) Improve Computer's Security- Phishers hope users have not applied the latest fixes and try to take advantage of those vulnerabilities. It is better to use a firewall and anti-phishing software such as Kaspersky Internet Security, Norton 360 and so on. Besides that, Web browsers like Microsoft Internet Explorer 7 and Firefox 2.0 come with anti-phishing functions.
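
The password rules in (1) above, and the earlier advice to avoid your name, NRIC number and date of birth, can be checked mechanically. This is an added example, not part of the original post: the function names, the COMMON_WORDS sample and the personal details in the usage are constructed for illustration.

```python
import re
from datetime import date

COMMON_WORDS = {"password", "welcome", "qwerty", "letmein"}  # constructed sample


def date_fragments(d: date) -> set:
    """Ways a date of birth commonly shows up inside a password."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm + yyyy, yyyy + mm + dd, dd + mm + yy, yy + mm + dd, yyyy}


def password_problems(password, names=(), birth_date=None, id_number=""):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")
    lowered = password.lower()
    digits_only = re.sub(r"\D", "", password)     # dates hide between symbols
    if any(len(n) >= 3 and n.lower() in lowered for n in names):
        problems.append("contains a personal name")
    if birth_date and any(f in digits_only for f in date_fragments(birth_date)):
        problems.append("contains a date of birth")
    id_digits = re.sub(r"\D", "", id_number)
    if id_digits and id_digits in digits_only:
        problems.append("contains an ID number")
    letters_only = re.sub(r"[^a-z]", "", lowered)  # catches "p.a.s.s.w.o.r.d"
    if any(word in letters_only for word in COMMON_WORDS):
        problems.append("contains a dictionary word")
    return problems
```

For a constructed user named Aminah born on 14 March 1985, password_problems("aminah1985", names=["Aminah"], birth_date=date(1985, 3, 14)) reports the missing symbol, the name and the birth year.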



REMEMBER!! Legitimate organizations would NEVER REQUEST personal information through emails.

The application of 3rd party certification programme in Malaysia



A 3rd party certification programme is simply a means of increasing the confidence level of customers when surfing the web. This is especially important when they are making online transactions, in which they are required to reveal private and confidential information such as credit card particulars, personal details, etc.

With the increase in phishing (the criminal, fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication) and spoofing attacks (a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage) on the internet, people need to be sure that they are dealing with trusted parties each and every time they make online transactions. They need to ensure that their information reaches only the intended recipients and is safe from intruders.

Application: Global Server ID (VeriSign)
Technically, Digital IDs, also known as digital certificates, bind the identity of your organization to a pair of electronic keys that can be used to encrypt and sign digital information. A Digital ID makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital IDs provide a complete security solution, assuring the identity of one or all parties involved in a transaction. A Digital ID is issued by a trusted third party called a Certification Authority (CA) - in this case, VeriSign.
This 3rd party certificate programme is mainly used in the banking industry in Malaysia, as well as on online purchasing websites and for online transactions (paying bills, booking air tickets and accommodation, etc.).
Application: SSL Certificate (Msc TrustGate)
PKI for SSL service is available in both 40-bit and 128-bit certificate strengths. The primary difference between the two types of SSL Certificates is the strength of the SSL session that each enables in browsers. SSL strengths - 40-bit and 128-bit - refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. 128-bit SSL encryption is the world's strongest: it would take a trillion-trillion years to crack using today's technology.
*Reference:
https://digitalid.msctrustgate.com/global/globalserver/about/globalFAQ.htm (retrieved on 22nd June 2009)
http://www.wikipedia.org/ (retrieved on 22nd June 2009)