09/07/2007 - Do you use the same password for all the different sites you visit that require one? If you do, you’re in the majority, according to a poll of 100 people conducted by UPEK, a manufacturer of biometric products. Half of those who use the same password say that it is based on the name of their spouse, pet, hometown, or favorite baseball team—and it is never changed.
@ More from the UPEK survey, which also considers the public’s acceptance of using biometrics instead of passwords, is at SM Online.
09/07/2007 - Credit card fraudsters are costing the economy billions of dollars each year. Merchants can minimize those losses by taking preventive measures, such as comparing IP addresses to ascertain the distance between the person ordering the goods and the billing address of the online buyer, noting whether a free e-mail address was used, and checking for the use of anonymous proxy servers. A paper from FraudLabs, which offers antifraud services for online merchants, outlines more measures.
@ 10 Measures to Reduce Credit Card Fraud for Internet Merchants is at SM Online.
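The three checks named above (IP-to-billing distance, free e-mail address, anonymous proxy) can be sketched as order screening. This is an added example, not code from the FraudLabs paper; the lookup tables, the order fields and the 500 km threshold are constructed assumptions standing in for a real geolocation database and proxy list.

```python
import math

# Constructed sample data (assumptions): documentation-range IPs mapped to
# approximate coordinates, a short free e-mail list, and one known proxy.
IP_GEO = {
    "203.0.113.10": (40.71, -74.01),   # New York area
    "198.51.100.7": (51.51, -0.13),    # London area
}
FREE_EMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com"}
ANONYMOUS_PROXIES = {"198.51.100.7"}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def screen_order(order, max_km=500):
    """Return the list of fraud-review flags raised by one order.

    `order` is a dict with hypothetical keys: ip, email, billing_latlon
    (the billing address already geocoded to (lat, lon)).
    """
    flags = []
    ip_loc = IP_GEO.get(order["ip"])
    if ip_loc is None:
        # An IP we cannot locate goes to review instead of passing silently.
        flags.append("ip_location_unknown")
    elif haversine_km(ip_loc, order["billing_latlon"]) > max_km:
        flags.append("ip_far_from_billing")
    domain = order["email"].rsplit("@", 1)[-1].lower()
    if domain in FREE_EMAIL_DOMAINS:
        flags.append("free_email")
    if order["ip"] in ANONYMOUS_PROXIES:
        flags.append("anonymous_proxy")
    return flags


if __name__ == "__main__":
    suspicious = {"ip": "198.51.100.7", "email": "buyer@GMail.com",
                  "billing_latlon": (40.71, -74.01)}
    print(screen_order(suspicious))
```

Flags are signals for manual review or step-up verification, not grounds for automatic rejection: travelers and VPN users trip the distance check legitimately.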
09/07/2007 - Aligning IT with business goals was the number one challenge facing the majority of CIOs in the public and private sectors, according to a Government Accountability Office report. According to the report, “This challenge requires the CIOs to develop IT plans to support their companies’ business objectives. In many cases this entails cross-organizational coordination and collaboration,” echoing the results from the ASIS study on convergence (see “The Growing Trend Toward Convergence,” page 48).
@ Chief Information Officers: Responsibilities and Information Technology Governance at Leading Private Sector Companies is at SM Online.
09/07/2007 - There are seven steps in a phishing attack, from preparation through successful infection of a victim to the fraud committed using stolen information. Fortunately, there are countermeasures available for each stage. For example, organizations should monitor call volumes and the type of questions customers are asking; a large number of calls regarding password problems can signal a phishing attack. To interfere with the use of compromised information, organizations can use two-factor authentication devices such as biometrics. Instituting delays in some types of money transfers can provide time to detect and void phishing-based transactions.
@ Online Identity Theft: Phishing Technology, Checkpoints and Countermeasures, from the Identity Theft Technology Council, is at SM Online.