Credit Card Agreements Easier to Understand Than Facebook, Google Policies

Just how complex are those user agreements that most people skip reading when they sign up for Facebook or Google?

More complex than a credit card agreement or a government notice, according to a study released Tuesday by branding firm Siegel+Gale. On average, 400 survey participants who had carefully reviewed the agreements were only able to answer four out of 10 comprehension questions about the policies after their review.

What's worse, of users who did understand the policies or had them explained to them, 75% said they would change their Facebook privacy settings and 63% said they would be more careful about how they used Google in the future.

'It's time for these online giants to recognize that their policies bring an unacceptable web of complexity and risk to the lives of their users. The lack of understanding of online privacy is pervasive,' said Thomas Mueller, global director of customer experience of Siegel+Gale. 'Bringing greater simplicity to what Web users read online will engender trust among users and only benefit Facebook's and Google's reputation.'

Among the study's other key findings:

• The comprehension rates for credit card agreements (70%) and government notices (67%) were far higher than those for Google (36%) and Facebook (39%).


• Just one in five Facebook users were able to figure out how to block a third-party application or website from accessing information they shared on Facebook after reading the social network's privacy policy.


• Less than one in four Google+ users could figure out whether their profile was publicly viewable to anyone after reading Google's privacy terms.

All of these issues are compounded by the fact that privacy policies, particularly those used by social networks, are ever-evolving and ever-changing. Even if a user can understand a privacy policy, it can - especially in the case of Facebook - change without their knowledge. 

'This complexity erodes trust and jeopardizes online privacy,' said Irene Etzkorn, executive director of simplification of Siegel+Gale. 'Clearly, Facebook, Google and other online service providers operate based on consumer trust, and failure to address privacy concerns in a meaningful way will lead to consumer disenchantment and additional regulatory restrictions.'

Read More

State Bank of India launches virtual debit card to curb fraud in ecommerce transactions

The State Bank of India (SBI) has introduced a virtual debit card called State Bank Virtual to address the users’ concern about debit card fraud while doing ecommerce transactions. The electronic card can be created by the account holder or customer using SBI's Net banking facility for ecommerce transactions. State Bank Virtual has a limited shelf life and can be used for only one transaction to limit the exposure of the account.

It allows the user to create a virtual card for any online transaction and the person is not required to share details of the principal account on the merchant Website thus insulating the account from any possible fraud.

There is no charge on creation of the card and the customer can create any number of cards at the same time. The card is created for each online transaction and is valid for maximum of 48 hours. There is no transfer of balance from the principal account in as much as only a lien is marked on the account. Actual transfer of balance takes place only when the customer does the actual transaction online, SBI said.

"All forms of transactions, be it Internet banking, credit and debit cards, are fully secured but there are some people who are scared and hold back from online transactions on fears of compromise of data. The main objective behind this new product is to provide relief to these customers and give a push to e-commerce," Richhpal Singh, DGM, Payment Systems, SBI has said in a statement.

Read More

Got Visa or Mastercard? Your Data May Have Leaked

The personal data of thousands of customers — from all major credit card brands — has been leaked from a third-party processing company.

The massive leak was first reported by the security news blog Krebs on Security, following reports that MasterCard and Visa were warning banks of a possible breach.

According to a follow-up story from The Wall Street Journal, the breach came from the Atlanta-based payment processing firm Global Payments, not from a credit card company. Global Payments works with debit cards, credit cards and gift cards.

The Wall Street Journal’s report suggests the possible window for the breach was between Jan. 21 and Feb. 25.

So far, there are no indications that any customers have experienced fraudulent transactions on their accounts.

MasterCard said it was investigating the breach, and that its core network was not hacked.

“MasterCard is currently investigating a potential account data compromise event of a U.S.-based entity,” MasterCard said in a statement. “As a result, we have alerted payment card issuers regarding certain MasterCard accounts that are potentially at risk. It is important to note that MasterCard’s own systems have not been compromised in any manner.”

MasterCard added that it has notified law enforcement of the breach and an “ongoing forensic review” has been launched.

Visa also acknowledged a “data compromise” of an outside company, but said there was no breach of Visa’s own network.

“Visa Inc. is aware of a potential data compromise incident at a third party entity affecting card account information from all major card brands,” Visa said in a statement. “There has been no breach of Visa systems, including its core processing network VisaNet. Visa has provided payment card issuers with the affected account numbers so they can take steps to protect consumers through independent fraud monitoring and, if needed, reissuing cards.”

Neither Visa nor MasterCard issue their own credit cards. Instead, they process transactions made on cards issued by banks and other financial institutions.

Read More

Online banking: Money-stealing malware on prowl !

Doing online banking frequently? Beware, as cyber-criminals have launched a new malware that not just steals your money from your bank, but also offers false reassurance that it's still there, experts have warned. 

The attack, a new version of trojan horse SpyEye software that targets computers using Windows, has been detected in the US and the UK. 

According to Trusteer, a security company which detected the attack, the software, which steals your bank passwords to give access to your account, waits for you to enter the same banking details before "adjusting" what you see. 

The idea is to gives criminals more time to use debit card details on fraudulent transactions without the person realising it's happening, the Daily Mail reported. 

The malware is designed in a way that when one visits his or her online bank, there will be no trace of the transactions that cyber-criminals are using to empty the bank account. 

Worse, the balance will also be adjusted on screen so it looks as if nothing is happening, Trusteer claimed. 

"The next time the victim visits their online banking site, the malware hides the fraudulent transactions, as well as artificially changing the total balance," it said. 

"As a result, the deceived customer has no idea that their account has been 'taken over', nor that any fraudulent transactions have taken place." 

"SpyEye is a tweak of the Zeus crimeware kit that grabs web form data within browsers," says the Naked Security blog at web security experts Sophos. 

"The new Trojan, instead of intercepting or diverting email messages, hides bogus transactions even after users have logged out and then logged back into their accounts. 

With hi-tech cyber attacks such as SpyEye, there are few visible signs that anything is wrong. There are defences, though -- ensure your browser is up to date, manually updating it if necessary, experts said. 

Thus, it is important that users should ensure that the "anti-phishing option is switched on" in their web browser that which will check for "blacklisted" websites and prevent the browser from being directed to the "fake" version that delivers your bank statement, they added.

Read More

Hackers Steal 45,000 Facebook Passwords & Logins

A rampant worm by the name of Ramnit has stolen login and password information for 45,000 Facebook users, mostly in the UK and France. Prowling the 800-million-strong social network, the worm eats user names, passwords and browser cookies. It also acts as a backdoor, meaning a hacker can attack any computer that has already been infected. According to the Microsoft Malware Protection Center, Ramnit infects Windows executables, Microsoft Office and HTML files. The Ramnit worm initially transformed into financial malware in August 2011, according to reports from Trusteer.

'What was once malware designed to steal data from financial institutions has evolved into a social network threat,' says John Weinschenk, CEO at Cybersecurity company Cenzic. 'Bank account numbers and Facebook log-in credentials seem very different, but to hackers, they are equally as lucrative.'

The current composite Ramnit worm is like a Mogwai that has been hit with water, eaten food after midnight, stepped out into the sun and transformed it into a hyper-evil gremlin.

Once Ramnit joined forces with the leaked ZeuS source-code in May, the Seculert blog says it became a 'Hybrid creature.' That is, it took on ZeuS' financial-data investigative nature and gained access to financial institutions. As a result, it compromised online banking sessions and also attacked a few corporate networks. The Ramnit worm burrows through Facebook, spreading malware to the walls of thousands of innocent Facebook users.

'To combat these types of threats, consumers need to be vigilant about changing passwords often,' says Weinschenk. 'Avoid clicking on unknown links, and alert their friends to a potential malicious link they might have posted.'

Facebook spam attacks like this are nothing new. A recent attack that was caused by a browser vulnerability filled users' walls with photos of the Biebs in compromising sexual situations. Not long after, football-loving spammers nailed the Facebook community forum.

Users should keep an eye on their Facebook profiles as social network worms continue spreading.

Facebook says it blocks 200 million malicious actions per day, which include messages that send users to malware. Even still, Facebook spam is growing faster than its user base.

Read More