Credit Card Security

I recently had a miserable experience with credit card fraud and am not looking forward to having more high-tech credit cards in my pocket as a result. I was pumping gas at a Chevron station in East Palo Alto. All seemed rather benign and safe. I swiped my credit card in the embedded machine in the pump. It asked me for the usual zip code info, approved, and on I went with pumping the gas. I finished, took my receipt and drove off. About an hour later I got an email from Barclays Bank, which handles the Virgin America VISA card (really cool looking card), stating that I had possible fraud activity on my card. I checked it online and noticed that there were two charges at that same Chevron station: my first legitimate one and another larger, fraudulent one for $120. I promptly cancelled it and the Barclays Bank folks were really good on the phone.

I asked around with several friends as to how this might possibly have happened. It’s not definitive, but it’s theorized that there was someone at the gas station with a wireless device that somehow had activated the embedded chip in my credit card and somehow got access to information that obviously made them capable of making a fraudulent charge on the card. Another possibility is that the gas pump somehow could have gotten hacked or intruded upon, allowing access to be gained to the cards that get swiped through it.

So there are many credit cards with the embedded chips in them for contactless payments with the terminals at several merchants. Are we headed full speed ahead into a brick wall of a security hole with this embedded technology? What else is at risk?

  • Our healthcare with smart tags or cards that carry our health information?
  • Our passports with the new smart chips in them?

Will the move to using our smartphones or cellphones be safer for doing payments and commerce?

U.S. Congressman Twitters in Iraq

So when can someone be TOO connected? There are those that would argue U.S. House Representative Pete Hoekstra is too connected. According to a recent article in Security Magazine, Rep. Hoekstra sent tweets during his recent trip to Iraq. Some of the tweets include: “Just landed in Baghdad. I believe it may be first time I’ve had bb service in Iraq. 11th trip here.” and “Moved into green zone by helicopter Iraqi flag now over palace.Headed to new US embassy Appears calmer less chaotic than previous here.”

I’m a huge fan of the Always Connected User Experience. I’m also a huge fan of social networking and it’s inevitable that we are all living more connected lives than ever before. In fact, my children struggle to remember when they were not connected early in their childhood years. My grandson will never know a time when he, his family, friends, and all those around him were connected especially over ever-present mobile technologies. This also creates what is undoubtedly the BIGGEST threat potential to our security, identities, and privacy.

One of the many great things about President Obama’s administration and his philosophy is that of the first Connected White House. The U.S. government and its many agencies will for the first time collide with the connected lifestyle enabled by social networks and mobile technologies. It will also need to figure out fast how to balance the new Life, Connected a growing population of its members and the need for secrecy and national security, as well as the security of others we are protecting around the world.

Will this drive the need for capabilities in monitoring, detection, policy enforcement, and possibly surveillance of these always-connected mobile devices? Growth of the mobile phone market is estimated at 8% for 2009, according to Gartner. This is based on a slowdown of the market in 2009, but still a growing demand for mobile devices and services. In 2008 alone, 1.28 billion mobile handsets were sold. So this will mean almost 1.4 billion more mobile handsets will be sold this year alone!

As was the case with Barack Obama’s “blackberry”, new and innovative measures will need to be taken in areas where government, defense, and intelligence security are mandated. The optimal solution does not exist today, so the private sector and high-tech industries must work hard and fast to solve the vulnerabilities that exist and are growing, but may not be fully apparent to evildoers and those with malicious intentions. My company, AirPatrol Corp., is one of these companies that is trying to offer up the balance of a connected environment with the ability to Detect/Locate/Enforce where security and intrusion policies mandate.

What do you think should be done and who is responsible for making sure it happens?