October 8, 2014

Hackers Are Having a Field Day At Our Expense

News item: J.P. Morgan reports 76 million households have had some of their account information stolen. Note that is households, so that might mean something close to half the American population.

News item: Another nine financial institutions were hacked by the same group at the same time.

News item: Home Depot says 56 million personal accounts were hacked, putting that number of credit cards at risk.

News item: Target loses 40 million credit card account data to hackers.


Excuse me, but are we officially scared yet? Do we realize how unable to stop these people all of our important institutions are? Do we suspect that government computers are attacked and hacked multiple times a day? Do we fully comprehend that our power grids are all run by very hackable computers and are a mouse click away from being shut down?

Our lifestyle, financial, governmental, and environmental well-being are under constant attack and we seem to be doing a rather poor job of stopping it. To "fix" the problem 4 months after it is first found is the best we can muster? To issue "patches" after the fact isn't good enough.  To apologize and give a year's worth of free credit monitoring is like giving us a smoke alarm after the house burned down.

We can send a spaceship to Mars, we can find the money to make permanent war on an endless supply of bad guys, we can make 90" TV screens, we can invent smartphones that can monitor our home security from 5,000 miles away... but we can't protect ourselves from people bent on messing with our lives.

And, I don't know why we aren't outraged.

The typical response seems to be a shrug of the shoulder and an acceptance that this is the new normal. We feel good about "free" credit monitoring that financial or big box stores give us. Of course, all that does is let us know quickly when someone has stolen our identity and hijacked our financial life. 

We continue to do business with companies that say "We're sorry" but know the next cyber attack is just over the hill. The CEOs of these companies continue to take home multi-million dollar salaries even as they put tens of millions of us in a bind.

I don't have an answer, just a sense of helplessness, which is one of the goals of a terrorist. Stealing my identity, hacking into my life, and causing me endless grief is every bit as much a terrorist attack as some crazy with a bomb. The cyber attack will not be fatal (unless our electricity, food, and water supply are cut off). But, it does significant damage just the same.

Stop using credit cards? That could be a partial solution, but at a very high cost of inconvenience and hassle. Stop shopping at compromised stores? That doesn't leave many. Stockpile water and food for when the hackers mess with our energy supplies? Maybe. Buy dozens of solar panels so I don't need the local electric utility? Not practical but maybe a necessity.

Or, demand that the money and brain power of this country be turned on an enemy much more likely to harm our day-to-day way of life than a small band of fanatics intent on forming their own country or way of life on the other side of the world.  We are under daily attack, right now, on our own soil from computer hackers and cyber criminals. This is not hypothetical - it is going on as you read this post.

ROI, or return on investment, is a basic economic principle. I am willing to bet the immediate ROI on upping our hacker defenses will pay much greater dividends over the near term than shooting off a $1 million missile several times a day so we can blow up a truck or a building somewhere in the Mideast.

If the responsible people at these companies and in government lost their jobs when 40, 50, 60, 70 million customers lost their privacy then maybe things would be different. At the moment there seems to be no consequence for massive failure.

Hackers have declared war on us, and our response is to try and close that proverbial barn door after all the horses have run away.

That shouldn't be good enough.

OK, my rant is over.

30 comments:

  1. This is sure to strike a nerve with all who read it. And it does leave us all feeling so helpless!

    I read somewhere (can't remember where) that using your bank card and pin is more risky than using a credit card, with the idea that your bank account can be emptied pretty fast if the hacker has access to your pin. Supposedly credit cards are safer. American Express tells me that they are responsible for ALL fraudulent charges. But what I don't know is this: if someone hacks into my AmEx account, can they get anything else besides my account number? (SS number?)

    If it is possible to fix this problem, why hasn't it been fixed? Sounds like a good campaign issue that EVERYONE can relate to. Perhaps some politician will grab this as an issue worth addressing. It seems like there must be the intellect to solve this; where is it?

    Great post, one that we all can relate to on some level.

    Replies
    1. I believe you are right about the debit card versus a credit card. Yes, the credit card companies will cover the fraudulent charges. But, that is only the obvious issue. If the hacker has stolen enough of your personal identity information, he can absolutely wreck your life: open new cards in your name, become involved in criminal activities with your identity, mess up your social security account, drain your investment accounts, etc. The $200 charge on the AMEX card could be only the very tip of the iceberg. What is below the water is going to sink your Titanic.

    2. Carole, this is true if you use a pin, but if you use your debit card as a credit card (meaning choose credit and have a signature required) then you have equal protection. For some reason there is a huge misunderstanding on this one.

    3. Good clarification, Barb. Thanks

  2. If you've noticed, these hacks aren't happening in Europe. Neither with their credit cards because they are using an unhackable chip in each card. America is way behind in technology. I don't use American companies or banks. I only utilize European ones specifically for the points you've mentioned above. Maybe if more Americans would take their business across the pond, these hackable companies may get the message.
    We no longer use our cards here at home for anything. I go to my financial institution, in person, to a real human being each and every week and get the amount of cash I need for that week. We buy everything now and pay in cash. Period. We don't travel or rent cars or do anything that requires a credit card. I don't concern myself with 'points'.
    I'm very alert at all the preposterous emails I get. I almost fell for one yesterday: It was from AT&T telling me they sent me a $20 egift card as a thank you for my business. I almost clicked on it but I stopped to read the entire message. At the bottom of the email, they misspelled 'Starbukes'. Duh? I'm hoping I make it through, boy......because I almost got caught. Whew!
    Be vigilant is all I can say. But hackers have been paying off medical receptionists in order to get names, addresses, emails, social security numbers and medical ID's. So, basically, we really aren't safe from anything, despite our cautiousness. It's not 'if'. It's 'when'.

    Replies
    1. "It's not if, it's when" is the scary fact. Virtually every one of us will be affected at some point.

      Yes, smart chip technology is old news in Europe, but here the banks don't want to spend the money to reissue cards: it is expensive. I guess they have calculated that the cost of 70 million stolen account records is less to them than sending out 70 million smart cards.

      As I noted, fraudulent charges are just the cost of doing business to them. There are no real consequences beyond an apology and some tax-deductible expenses.

  3. Bob, maybe it's time for boomers to unite and be heard. Surely major financial institutions and credit card companies would be affected if we were to close our accounts. The big question is: Are there any institutions out there that have been able to safeguard customers? I'm old fashioned where banking is concerned. I know a person can earn more interest from online banks, but I still feel better going to my brick and mortar bank. However, I felt pretty insecure when my local bank was hit! Maybe one of your commenters will have a good suggestion.

    Replies
    1. We can't close all our charge accounts. That ruins your FICO score when it comes time to have to finance a major purchase. You can't just decide to not use the cards because your records are still available for someone to steal.

      Cindi noted the smart card technology. That helps, but until there are real, hard consequences to institutions that are hacked, the costs of doing nothing are lower than the costs of protecting us and our future.

    2. I no longer use a credit card, only a debit MasterCard that I use with signature. This is my solution, at least.

  4. WooooooHoooooo! Right on Bob!
    There are government agencies working on the issue, but they are undermanned and underfunded. We need to leave the Middle East and Africa to themselves and concentrate on the people actually going for destroying our economy.
    Until then....

    The problem with charging institutions for the crimes is that you and I end up paying those fines in terms of higher prices to make up for their losses. We need to charge individuals. Nothing like a CEO dancing when he thinks he may spend some time in prison!

    Replies
    1. The idea that any of this doesn't cost us, the economy, our country, and our future is silly. Until we accept that the cost of poor protection is unacceptable it will continue, because it is cheaper to pay the fine than stop the behavior or fix the problem.

      A friend just returned from Europe and reports he had some issues using the swipe-type credit card we in America have grown used to. In Europe the cards are set up to be inserted and withdrawn because a microchip is the identifying safety feature of the card. It is much more difficult to steal info off a chip than off the magnetic strip on the back of our cards.

      The solutions exist to make the hackers' job more difficult and the brain power exists to protect us better. Are companies willing to have lower short term profits for better long term protection? So far, I think we'd have to say, "No."

  5. In America, the cost of problems is often less than FIXING problems, just look at car companies who keep letting people get killed in faulty cars, and only fix the problem when forced. (HOW DO THEY SLEEP AT NIGHT!!??) and the tobacco industry and the drug industry, more of the same. Ours is, unfortunately, a society based on greed. Bank of America DID send us a new card with a chip right away. Chase bank says "Don't worry be happy!!"

    I am almost ready to do as Cindi is doing, but that sounds harsh. We use cards to shop for home repair supplies often at Home Depot. I pay all my utility bills online. I use credit cards for travel. Maybe we DO need to just go get our cash each month and go back to the "ENVELOPE" system we used in the 1970's as newlyweds!!!!! I try not to worry.. however, I do. Even more scary is the idea of our POWER GRID being so vulnerable, yes I have been aware of that before this post.. more than credit cards and purchases and identity theft.. having our country brought to its knees all at once.. yikes! A terrible thought and one I am SURE the terrorists relish. WHAT TO DO, BOB, What to do??

    Replies
    1. What to do is the ultimate question, isn't it, Madeline?

  6. Cari in North Texas, Wed Oct 08, 10:46:00 AM MST

    You raise some interesting and very scary thoughts, Bob. There are no apparent consequences for allowing corporate databases to be hacked into, and until such time as there are, there is no motive for change. We as individuals are bombarded constantly with warnings and tips to protect our identity - shred documents, don't give out personal or bank information, keep your Social Security card at home, ad nauseam. But the ironic thing is that most identity theft happens at the corporate level - stores and banks are hacked, or medical facilities and retail stores leave pertinent information in outside dumpsters for anyone to take. Our local news station does exposés every so often, showing complete records that stores and hospitals just toss in the trash, with all kinds of information clearly visible on them.

    It's frightening, infuriating, and downright wrong. I've seen from my own relatives raising their kids the negative effects of making threats with no consequences, and it's not a pretty sight.

    As Cindi pointed out, the Europeans are doing it right with regards to credit cards. It's frustrating that our American companies are more concerned with the bottom line than they are customer safety and concern.

    Replies
    1. Until there are direct, monetary consequences that hurt more than the stealing of information that businesses seem to consider the cost of doing business, we are screwed. You are so right: we can do everything possible on our end, but we can't force a business to care.

      Even the normal response of "take your business elsewhere" doesn't work when all the data is interconnected.

  7. Two things. First, I do feel helpless and hopeless. And for me, normally a pretty upbeat and self-confident woman, that just makes me mad. I really want to go Galt. But I'm pretty sure my husband and I are not on the same page about that.

    As to the credit card technology...I work for a small chain of retail stores and we've been told that in late 2015 we have to have technology that reads the chip cards or any fraudulent use of credit cards is going to be our problem, not the banks' or the credit card issuers'. That could be an enormous liability for us. So technology is SLOWLY catching up.

    Life is risky. Our culture (government, particularly) has tried to protect us from all risk by over-legislating our lives. It's a futile effort. If we think critically about it, we'd remember that we need to be conscious of the risks, act in ways that minimize them to the best of our ability, but understand and consciously balance risk and reward. Technology adds to the risk, but it also adds a great deal of convenience to our lives. So the real question is how much risk are we willing to accept? It is completely impossible to live in a riskless world.

    Replies
    1. "I really want to go Galt." I love it! Atlas Shrugged is one of my favorite books. Though I disagree with a fair amount of Ms. Rand's philosophy, the idea of escaping to the mountains of Colorado and living with your brains and a common goal with others resonates with me.

      I saw an e-mail today that one of my dad's credit cards will be re-issued soon with the chip technology. Question: how will every single store/business/service in America replace the swipe machines in time?

  8. 1. Maybe the NSA should quit spying on American citizens and instead be given the task of providing cybersecurity.
    2. Maybe companies should think again about the wisdom of using the porous Microsoft products.
    3. Maybe we need strong laws to prevent companies from requesting our social security numbers. They should only be used for social security purposes.
    4. Maybe we need strong laws about banks and other companies sharing personal information with their "trusted partners and affiliates." Opt-out isn't the solution.
    5. Who ever consented to credit reporting agencies having their personal information? Stop this now.
    6. We need strong personal privacy laws.
    7. Maybe the general public needs to quit being so trusting of Facebook and other companies that collect and sell our personal information for private gain.
    Maybe we need to get tough with the Russian and Chinese hackers.

    Replies
    1. You have noted several very important holes in our privacy fabric. Thank you for a list that requires some pondering.

  9. I worked in the tech industry for decades, and my customers were primarily the Dept of Defense and many of the prime contractors that sold to them. If anyone knew how antiquated and porous the DoD's systems are, oftentimes due to the laborious procurement systems and the biases of program managers, they would not feel as comfortable with our capabilities in that arena. Commercial enterprises, not bogged down with the hierarchy that the DoD and other Govt agencies deal with, are much better in their implementation of technology and security software, as hard as that is to believe. Anonymous hit the nail on the head - this is a group that has implemented Microsoft products in a huge way, "because they cost less". But because the initial cost comes out of one bucket, and the ongoing maintenance costs of implementing inferior systems another, the total costs to the taxpayers are much, much higher. Nothing I have seen over 30+ years has changed that equation, either.

    As long as the emphasis on major American companies is the stock options and pay of the executive suite, many common sense approaches to the problems of hacking will have bandaid approaches made to them. Oh, a lot of lip service will be paid to this problem, but most management of American corporations are not that serious about the issue. Sorry to sound so jaded, but decades in American industry will tend to do that to you.

    Replies
    1. I very much appreciate your "insider" view. Those of us with only anecdotal evidence need to have our thoughts confirmed or discounted.

      "Lowest bidder" may not be the best way to protect ourselves. But, then again as we know from the $600 hammer stories, neither is a lack of competitive bidding.

      It all comes back to personal consequences, a vital step still MIA.

  10. I consider myself a careful person. Even so, in the last 10 years I have had fraudulent credit cards opened in my name (I suspect from a cruise); had my debit card info stolen (from a skimmer gadget at a gas station), not to mention multiple notices from vendors on stolen info, including the SC Tax Dept, NY retirement system, etc. Fortunately, I have ultimately been made whole, but it is anxiety provoking. There's so much money to be made from fraud...why steal a purse, when you can steal millions of IDs?

    Things will only change when industries decide it costs more to have lax security than to spend the money to prevent it.

    As an aside, Target alerted me on #1, calling me at home, although I was not a cardholder, and prevented greater losses. I felt bad when they had their recent problem.

    Replies
    1. I will be the first to admit that the really good hackers are probably able to defeat almost anything thrown at them. Even so, businesses have been too lax in strengthening their firewalls.

  11. One tip for protecting yourself from ID theft is to freeze your credit with the three major credit agencies. Because many seniors are not commonly seeking new lines of credit it makes a lot of sense. It is easy to do online and after you do so, no one can open new credit lines with your ID without your secret PIN that each company provides. It costs ten bucks per agency and any bank, credit card or insurance agency that you currently do business with will still be able to check your credit if necessary. Thirty bucks for peace of mind.

    I did this several years ago and sleep a little better as a result.

    Replies
    1. I was aware of that but had never followed up. Thanks, Rick, for an easy-to-take step.

  12. Banks own this country. No matter how much government gives lip service to 'making them accountable', they haven't done a thing. I can tell you first hand how much they've screwed up the mortgage industry, but I can't bear to think about it any more. Until every government official gets out of the banks' pockets nothing much will change. It's simply up to us to keep a close eye on our own money. Never trust a bank!
    b

    Replies
    1. I just read of another instance where the government is getting ready to fine a bunch of banks for behaving badly. The cynic in me says the government just waits for a problem and then fines the companies involved: a new and consistent source of income for the Treasury.

      Banks and investment houses have forked over hundreds of billions of dollars in fines and settlements, yet they continue to act in the same manner and pay the head people millions in salary. Why? ask I again, Why? Because their profits are so much higher than any fines and costs.

  13. This morning I read Dairy Queen announced card issues, and the last straw for me was my bank notified me today that my debit card was fraudulently used by a retailer and they caught it and are issuing me a new debit card, and so as of today, I'm doing cash only/envelope system. The inconvenience is worth the peace of mind for me. Sandy

    Replies
    1. My wife is upset: we learned to love Dairy Queen desserts on our west Texas RV trip 2 years ago. You have taken about the only step one can take, though cash only eliminates on-line shopping as an option.

      As of last week I have taken three of our four credit cards and put them in a drawer. Everything is now done on one card, making it much easier for me to keep track of purchases and billing. It has the additional advantage of allowing me to quickly review use of the card for any fraudulent patterns.

  14. The only thing I now use my debit card for is to get money out of the ATM. For everything else I now use a credit card or use the debit as a credit card (signature, not PIN). I have even considered dumping my debit card and just getting an ATM card so I can get cash and use credit cards for everything else. My credit union said that is an option if I wish.

    I also check my accounts online several times a week and look at recent charges. On several occasions I have seen charges from unfamiliar vendors for 50 cents or a couple of dollars. I immediately disputed the charges. I had a bank security rep tell me that these small charges are "probe" charges by the bad guys to see if the account is active and no one is paying attention, or couples who think their spouse made the charges. If no one responds they then hit your account for big charges in the hundreds or thousands. Watch your account and if charges are unfamiliar and/or small call your bank security and fraud department right away. They have always been responsive and helpful with me.
