Credit card details are as openly available as a pair of shoes on the internet, leaving consumers open to serious fraud and businesses at risk of costly legal action.
A recent investigation by internet hosting specialist UKFast found that relatively simple Google searches reveal valuable collections of personal IDs.
One of the many databases found through a simple Google search by UKFast’s security experts flaunts 1,800 valid credit card details processed by an American takeaway, along with names, expiry dates and csc codes. The information is so specific it even provides the distance from the card owners’ homes to the takeaway.
Lawrence Jones, MD of UKFast explains: “Criminals are not just selling single card details; they are selling whole identities online, it is a big business right now. There are many sites that sell personal information as openly as you would sell a pair of shoes.”
Jones suggests businesses are putting themselves, as well as customers, at risk by not properly protecting data. UKFast’s security division monitors security and regularly carries out penetration tests that simulate hack attacks on servers to find any weaknesses and opportunities for improvement. But many companies are oblivious to the fact that storing card and personal details live on a web-server leaves them searchable by Google.
He said: “Businesses are unaware that in risking customer data they may also be breaking the law. Storing confidential information unencrypted, hosting with a foreign provider or hosting with cloud services without knowing where data is stored or how securely it is stored can all contravene the Data Protection Act.”
Jones advised internet shoppers on how to protect themselves. “We need to make it as difficult as possible for fraudsters to find out any extra information about us,” he said.
“Hobbies and relatives’ names act as password clues for many of us yet we still have this information all over social network sites. Having high privacy settings controls who has access to this information. Simple things like having stronger passwords and secure WiFi networks can make all of the difference.”
Personal details including date of birth, mother’s maiden name, workplace and marital status are available through Facebook, LinkedIn or Twitter profiles. Hackers can use these sites to fill gaps in information and steal whole identities that hold a high value in the cybercrime community.
Neil Lathwood, IT director at UKFast says: “Google is very good at indexing, so any indexable back-up files stored on the server, may not be linked to from the website but can still be found through Google and anyone, even without advanced technical skills, is able to find it.”
“One of the best ways to test security is to hack your own site and search for the confidential data, this highlights areas you can strengthen to protect customer data,” he explains.
“The key is not to have your back up files stored unencrypted and live on the server – this is the most common security failure that I see, and to be honest, it is just lazy. Along with this companies need to check their servers have the best protection possible.”
Download our Data Security – Protecting Your Profits booklet here: http://www.ukfast.co.uk/data-security-protecting-your-profits.html
UKFast is one of Europe’s fastest-growing technical companies (as ranked by Deloitte) and has been at the heart of the UK internet industry for more than 10 years. In addition to being named as one of The Sunday Times best companies to work for, it won the UK IT Awards Employer of the Year in 2010.
Previous accolades include the industry’s Best Customer Service Award in 2009 and being named the ISPA UK’s Best Hosting Provider four years consecutively. UKFast has over 400,000 web domains on its network and over 4,000 clients across all industries. Clients include Virgin, Microsoft and UKTV. UKFast is a member of the Cloud Industry Forum.