Today the news is about Customers who paid by credit card at 51 UPS Store locations across 24 states in the USA are at risk of their credit card being syphoned by cybercriminals. Last year end it was the turn of Target’s (large retailer) 98 million customers to have their card data stolen. These are not happening only in the faraway USA.
In Chennai (India) too, city police gets hundreds of complaints every month on money being siphoned from their bank accounts.
As the world becomes more and more connected, payment transactions moving from cash to digital, as individual consumers we too get inadvertently exposed to online security risks. Common people (aam aadmi) knows if he leaves his wallet exposed he is going to get pickpocketed. She takes care to protect her purse, but that’s because cash (and gold) has been around for centuries. In everyday life we do encounter people who imprudently don’t take care of their cash, I see them be either simpleton, who don’t know better or simply fools! But in case of digital payments and online, these are recent technologies and it takes time for common people to learn and understand the risks and protections. I am sharing here about two instances that happened to me yesterday and what I did after that. These made realise that being secure takes effort, but its just common sense.
In the evening after a dentist appointment, I was returning home with wife, we stopped in a nearby retail shop. A few thousand rupees transaction, I gave my credit card, entered PIN (which is nearly mandatory now thanks to Reserve Bank of India rules), collected the items and came home. Few minutes after I got a call from the shopkeeper informing I forgot my Credit Card in the shop. I rushed back, sincerely thanked the guy and collected the card.
But the few minutes the card was not in my possession would have been enough to skim the card to make a duplicate, and observing the PIN when I first entered it would have been easy too. I have no reason to suspect anything in this case, but it is better to take precaution. As soon as I came home, I logged into my bank site and changed the PIN number. I could have called the bank for a replacement card but my threat perception on this was lower.
After the above incident, I was trying a new mail app for Windows (and other platforms too) called Inky. It advertised a unified mailbox experience, modern interface and single sign-on. Once you create an Inky account, setup mail accounts like Google, Hotmail (Outlook.com), you could log in from any device with just the Inky account and it will configure all your mail accounts automatically. Basically Inky was storing your mail account details on their server, they promise to safely store all the passwords with strong encryption seeded with the Inky password.
After spending few minutes with the app I was not impressed. I saw no compelling feature and there was no way to view/edit my contacts that are already on Google & Hotmail. Lack of Address Book is a big turn off for me. Before uninstalling the app, I disconnected the accounts (Gmail, Hotmail) and deleted the Inky account too. I have no reasons to doubt the sincerity of Inky, but being in a state of paranoid I was, I changed my Google & Microsoft (Hotmail) Account passwords. It has been a long time I had changed the passwords and they were, in a sense due, for a change!
I spent a good part of 30 minutes – may be unnecessary, but it gave me peace of mind. As wise men say “Better to be safe than sorry”
Also published on Medium.