In this series of Industry Insights, I will look at the current challenges facing those involved in the sale, application and administration of security solutions.
I will review the historical problem, how security systems have evolved in response, how criminals have reacted, and the state of play as security vendors have done all they can - as far as they can see - to mitigate risk: only for criminals to outwit them once again.
The ingenuity of fraudsters knows no bounds, and neither does their patience.
Malan Joubert is a founder and director of FireID.
The journey we will take over the next few months will take us to a safer place - at least in so far as our commercial transactions and online activity are concerned.
To start with, security is and always has been a moving target. As soon as you think you have it under control, someone finds a way through the most carefully thought out plans. That's the way it is and always has been.
There is always someone, somewhere, who considers it a badge of honour to break through a security system, to access something they should not have.
Or, often, it is a way for someone to steal actual money: it goes beyond a trophy security violation to one where a criminal gains access to financial systems and helps himself to cash - often large amounts of it.
This is more common than one might think: from Russia to the US, from South Africa to Nigeria, there are many thousands, if not millions, of people working very hard to part people from their money.
Just consider the recent example of an insider at Vodacom who worked with others to steal significant amounts of cash from banking users, by intercepting their one-time passwords (OTPs).
Or that of fraudsters in Europe who have found that by using a primitive, compromised Nokia 1100 cellphone (the so-called brick), they could also intercept banking users' OTPs.
Consider the local banking customer who literally watched money exiting her bank account before her very eyes.
Ingenuity of fraudsters
It is no exaggeration to say the ingenuity of fraudsters knows no bounds, and neither does their patience.
They will work and wait for months before striking, and depriving customers of their hard-earned cash. In this regard, then, they are not dissimilar to burglars, who exercise similar patience and precision before striking.
Fraudsters will try literally anything to gain access to your cash, from card theft to phishing and spoofing, from identity theft to keystroke-logging, from interception of SMS one-time passwords to the Nigerian 419 scam, the ways in which rogues will try to separate people from their cash and other possessions are manifold.
Unfortunately, as in all other forms of crime, the price of security is eternal vigilance. Criminals, using automated routines and programs, are able to probe away relentlessly at accounts.
All they need is a single loophole and they can be in, while you need to be on your guard all the time. Drop your guard for just a moment, and they will have you.
Often you don't even need to drop your guard. The fraudsters are all too often one step ahead, mimicking perfectly good, sensible and safe practices.
The real McCoy
For instance, consider the example of OTPs delivered by SMS to an online customer. Millions of people depend on these to authenticate themselves as they transact online.
Yet we now know that this seemingly secure system can be compromised. If we look at how this system was compromised, as reported in the media last year, there was collusion between a syndicate and a Vodacom employee.
The syndicate captured online users' details through spoofing, in which fraudsters send e-mails purporting to come from their bank. They are asked to verify their details online, and when they do so, the fraudsters have all the information they need to access the account-holder's cash.
Now all they need is the OTP contained in the SMS, and the Vodacom employee provided that by diverting it to the syndicate. By the time the scam was uncovered, the syndicate had made off with a reported R7.7 million. So, clearly, even the seemingly best laid plans can go awry.
In months to come, I'll highlight the shortcomings of the current approach to online security, and suggest solutions.
Share