GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?

Table of Contents

Lead Story

Mission: ETA


Industry Update

Make a mark, take a stand

Mobile commerce popular, NFC lagging

Accepting payments, iPhone style

Antisocial online networking: ID theft

Aite busts merchant retention myths


Miles Mulcare

Growth in payment risk can be mitigated

Eston Fain
AQ2 Technologies

Selling Prepaid

Prepaid in brief

Virtual gift cards given a twist

GPR cards and reload networks: A complex relationship

Continental Prison Systems Inc.
The 'get out of jail' card


Regulation, deregulation, self-regulation

Patti Murphy
The Takoma Group


Street SmartsSM:
Go ahead, work some magic

Jason Felts
Advanced Merchant Services Inc.

Work/life balance, an employers' issue

Curt Hensley
CSH Consulting

Think outside the converter box

Dale S. Laszig
DSL Direct LLC

How to win back e-mail jilters

Nancy Drexler
SignaPay Ltd.

Get what you want from your staff

Vicki M. Daughdrill
Small Business Resources LLC

Get what you want from your staff

Vicki M. Daughdrill
Small Business Resources LLC

Steer clear of buyout pitfalls

Adam Atlas
Attorney at Law

Company Profile

Velocity Merchant Services

Metro Merchant Services

New Products

The 21st century signature

Company: ElectraCash Inc.

Taking a cue from teens

Smart Transaction Systems Inc.


Just say no to bootstrapping



Resource Guide


A Bigger Thing

The Green Sheet Online Edition

March 23, 2009  •  Issue 09:03:02

previous next

Antisocial online networking: ID theft

In a March 3, 2009 webinar, Melih Abdulhayogulu, Chief Executive Officer and Chief Security Architect for Internet security company Comodo, said the social networking Web site Facebook "is like a car with no seatbelt." The comment was made during a discussion of identity theft occurring through online social platforms.

In assessing the potential scope of the problem, Abdulhayogulu compared social networking to "phishing" scams perpetrated in the last decade. Phishing involves predators posing as banks or other trusted institutions to elicit sensitive information from e-mail users.

He said that phishing started "as a joke" in 1999 and 2000, but has since "become a multibillion dollar industry" and that data theft on social networks could mushroom in the same way.

"Phishing [uses] e-mail as a platform to distribute the spread [of fraud], whereas now we have social networking that allows itself to be the distribution network," Abdulhayogulu said.

He believes large-scale prevention is feasible but would require measures from both the users of social networking sites and the companies, like Facebook, who operate them.

"There is no single silver bullet - there has to be a layered approach," he said. He enjoined users not to share sensitive information online and to use applications that protect against malware. But he reserved most of his criticism for the online companies.

"We need to start utilizing the next level of [data security] technology," he said, adding that banks are already using such technology, as required by the Federal Deposit Insurance Corp.

"There's no reason why Facebook shouldn't be using those technologies to secure access for users."

Abdulhayogulu pointed out that, in general, the methods of identity verification used in the United States are outmoded. He added that less vulnerable identifiers are already in use in Europe. "The systems we rely on are 50, 60, even 70 years old," he said. "We have to change what makes you unique. We use Social Security numbers, and nowadays there is no security around a Social Security number or your surname or your address.

"So what we [need to] change is what is used as a unique identifier, and once we put in cryptographic abilities ... it will be very difficult to forge." Abdulhayogulu also urged that we not wait for a "9/11 effect" before securing social network sites.

"We've seen this over and over - that technology adoption happens; then something happens that make us think twice; then we try to include security," he said. "Banks have been able to keep [scams] under wraps to a level by simply giving out the money people lose from phishing... but social networks are not going to be able to compensate their users."

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

North American Bancard | USAePay | Board Studios