The Cloud of Clouds: Amazon Web Services

Amazon Web Services is a cloud-based service hosted by Amazon.com, which provides numerous tools for web-based businesses. The service’s primary function is to help businesses of any size compute and store data.

Solutions available to both businesses and consumers include:

  • Application Hosting
  • Backup and Storage
  • Content Delivery
  • Databases
  • E-Commerce
  • Enterprise IT
  • High Performance Computing
  • Media Hosting
  • On-Demand Workforce
  • Search Engines
  • Web Hosting
  • Media and Entertainment
  • Life Sciences

Let’s say you run a small business that is rapidly expanding. You probably already have a basic website, and perhaps a local or national company to handle your data traffic. But when your traffic is suddenly growing exponentially and you find yourself needing more bandwidth, that’s where Amazon Web Services comes in. Their cloud is ready and waiting to handle whatever your clients can throw at it.

But what really makes Amazon’s cloud stand out from the rest is that it isn’t just a “server.” The features listed above include software and other tools that allow developers to work seamlessly with Amazon’s platform. They have created a service that almost any business can plug into, right out of the box.

Security is paramount. Amazon states: “In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features.”

Google has applications and user-friendly web services that we, as employees or consumers, use on a daily basis to administer, communicate, and organize information.

Apple has their proprietary platform, and they make certain code open to developers who create games and software for iPhones and iPads.

Amazon Web Services provides cloud-based platforms and software, which makes it possible not only for businesses to function, but for developers to create exciting new technologies. That’s what makes their cloud the cloud of clouds.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Regulation E Protects Consumers, Not Businesses

Consumers enjoy a certain level of protection that business bank accounts do not, and it’s called “Regulation E.”

Here is Regulation E in black and white:

ELECTRONIC FUND TRANSFERS (REGULATION E)

Limitations on amount of liability. A consumer’s liability for an unauthorized electronic fund transfer or a series of related unauthorized transfers shall be determined as follows:

1. Timely notice given. If the consumer notifies the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the financial institution.

2. Timely notice not given. If the consumer fails to notify the financial institution within two business days after learning of the loss or theft of the access device, the consumer’s liability shall not exceed the lesser of $500 or the sum of:

(i) $50 or the amount of unauthorized transfers that occur within the two business days, whichever is less.”

Businesses do not get this kind of protection. So when business accounts are compromised, they often have to fight for their money. And today, more than ever, they are losing. But banks are losing, too. The only winners here are the criminal hacking enterprises.

In order to meet the Federal Financial Institutions Examination Council’s compliance guidelines by January of 2012, banks must implement multiple layers of security. The recent FFIEC guidance specifically calls out using complex device identification and moving to out-of-wallet questions.

Financial institutions and their clients aren’t only losing millions to fraud; they are losing millions more fighting each other. It makes more sense for banks to beef up security (all while properly managing friction for legitimate customers) than to battle with their customers.

Financial institutions could protect users and themselves by incorporating device identification, device reputation, and risk profiling services to keep cyber criminals out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions such as credit issuers and banks, to help mitigate these types of risk in their online channel.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Fox News. Disclosures

Cloud-Based ATMs Coming Your Way

Criminals often target cash machines, as well as various other automated kiosks that dispense DVDs, tickets, or other merchandise. They have discovered numerous techniques for compromising these devices. According to the ATM Industry Association (ATMIA), ATM fraud alone results in over a billion dollars in losses each year.

But manufacturers are fighting back.

Diebold, a security systems corporation and the largest ATM manufacturer in the US, has developed a prototype for a “virtualized ATM.” The new machines will utilize cloud technology to enhance security, mitigate fraud, and improve operational efficiency, delivering an optimal consumer experience.

Unlike traditional ATMs, these new machines will contain no onboard computer. Instead, each individual terminal will be connected to a single, central server, which will provide resources to a fleet of cloud-based ATMs.

This advancement will give banks and ATM operators greater control over multiple machines. Servicing the new ATMs will be easier and more efficient, with more updates and less downtime.

For consumers, the most noticeable differences will be better service and security. Over time, the savings in operating cost can be put toward upgrades in card technologies, near field communication, and possibly even biometrics.

The emergence of cloud technologies will speed up the adoption of many new, more convenient and streamlined offerings. The future is here, and it’s fun!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

The Evolution Of Online Fraud Prevention

Around 1994, when I operated a small mail order catalog business, it was very difficult to obtain “merchant status,” or approval to accept Visa, MasterCard, Discover, and American Express cards. It was easier if you had a storefront, but payment processors made mail order businesses jump through more hoops.

Their main concern was that companies could set up shop, accept tons of credit card charges, and then vanish, leaving the banks short. Mail order fraud was also big. A stolen credit card could be used to place orders over the phone, and when the fraudulent charges were discovered, merchants would suffer from chargebacks.

At the time, it wasn’t even necessary to provide a correct expiration date, as long as the card wasn’t already expired. Then credit card companies began verifying billing addresses to authenticate mail orders. Eventually, an additional verification code was added to cards, referred to as a CVC or CVV. We still use these codes today, but they can be fraudulently obtained in a number of ways.

When merchants moved from catalogs to websites, IP addresses were used to track transactions. But bad guys figured out how to spoof them.

Now we have a number of new technologies designed to fight credit card fraud. The most effective and widely implemented is device reputation, an online fraud prevention method that helps protect retailers from fraudulent card-not-present (CNP) transactions by examining the computer or other device for a history of unwanted behavior, plus any suspicious activity at the time of the transaction.

If a customer’s PC, smartphone, or tablet indicates an abnormally high level of risk, the merchant can reject the purchase in advance. iovation, the global leader in device reputation, flagged 35 million online transactions as high-risk in the last year for its clients and will flag 50 million or more by the end of 2011.

Protect yourself from credit card fraud by checking your statements regularly. Set up your own email alerts so that, at a minimum, you are notified when any transaction over your specified amount occurs on your account. Businesses set up triggers and alerts to protect themselves; shouldn’t you?

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit and debit card fraud on CNBC. Disclosures

It Takes Sharing and Organization to Fight Organized Crime

The amount of money made and lost due to fraud is surpassing the illegal drug trade. A digital arms race has law enforcement officials nipping at the criminals’ heels. Retailers and banks continue to fight criminal hackers, but are being bombarded by advanced, persistent threats that eventually make their way into the network.

There are data breaches every week, and I’d bet every day, but we may not hear about the majority. All of these breaches have a method, signature, or feature in common, which retailers and banks can learn from.

Criminals are organizing like never before. They are learning from each other, sharing information and strategies. When one publicizes an exploit, other criminals execute it, leading law enforcement off in a new direction. It’s like a vicious game of whack-a-mole.

Today, governments around the world are organizing to fight fraud. But what’s even more exciting is that competing banks, retailers, and small businesses are all sharing fraud information to help each other out. These fraud targets are finding strength in numbers.

Oregon-based iovation Inc. has created an exclusive network of global brands across numerous industries, with thousands of fraud professionals reporting more than 10,000 fraud and abuse attempts each day. iovation’s shared database contains more than 700 million unique devices including PCs, laptops, iPhones, iPads, Android, Blackberries—practically every Internet-enabled device that exists.

Many leading banks and big brand retailers use this device reputation service to detect fraud early, not only by customizing their own real-time rules to set off triggers, but also by leveraging the experiences of other fraud analysts to know whether the device touching them at this moment has been involved in chargebacks, identity theft, bust-outs, loan defaults, or any other kind of online abuse you could imagine.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)

Cars in the Cloud

People love their cars. My 80-year-old mother-in-law goes nutty at the thought of not being able to drive. “Take my car and you take my freedom,” she says. I understand where she is coming from. Personally, I don’t like to drive. But I do like riding my Harley!

Many consider cars synonymous with freedom. Cars allow you to go places and have experiences that you otherwise wouldn’t. That’s why it’s so exciting that cars are now being equipped with lots of new features, including technology that can essentially meld your car with the Internet!

Ford recently unveiled the Evos, a car that learns your driving preferences and uses its Internet connection to provide traffic information and other useful details. It can tailor the suspension and driving modes based on your driving style and ability. It can also detect the driver’s heart rate. The Evos is a concept car, but Ford plans to release a similar model within the next several months.

OnStar offers “RemoteLink,” an application for your iPhone or Android, which allows Cadillac, Chevrolet, Buick, or GMC owners to view real-time data including fuel range, gallons of gas remaining, lifetime MPG, lifetime mileage, remaining oil life, tire pressure, and account information. Chevrolet Volt owners can view their car’s electric range, electric miles, MPG, and the battery’s state of charge, as well. Users can also remotely perform certain commands, such as unlocking doors, with this application.

The New York Times reports that Google “has been working in secret but in plain view on vehicles that can drive themselves, using artificial-intelligence software that can sense anything near the car and mimic the decisions made by a human driver.”

The benefit of this technology is the potential for Internet-connected vehicles to communicate through the cloud, working in tandem to prevent accidents, conserve fuel, and facilitate a more efficient flow of traffic.

Sounds like a big stretch from my heavy old 1970 Chevy Impala!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Dumb Ankle Monitor Wearing Home Invader Busted

If you ever decide to get all hopped up on drugs and seek some extra cash to feed your fix, I’d suggest not wearing your governmental department of corrections, court-ordered, previously installed GPS ankle-monitoring bracelet to your next home invasion. Chances are you’ll get caught.

But as tongue-in-cheek funny as this may be, this home invader “leveled a shotgun at a young couple and their infant child.”

It’s scary to know that hardened criminals are only tethered by a “signal” and don’t care about getting caught.

Companies that provide ankle bracelets set up their products to send a signal to a GPS satellite every minute to track the wearer’s location. That information is logged into a database. If the “tracker,” which could be a parole officer or law enforcement, has the system set to notify them when the criminal is outside of their required boundaries, police are dispatched.

But in many situations criminals with GPS ankle bracelets can roam free. It’s only when they cut the bracelet off that a signal is sent with the device’s last location.

Here are 5 tips to help keep you safe and prevent a home invasion:

1. Never talk to strangers via an open or screen door. Always talk to them through a locked door.

2. NEVER let children open the doors. Always require an adult to do it.

3. Install a home burglar alarm and keep it on 24/7/365. With a home alarm system on, when someone knocks on the door, a conscious decision has to be made to turn off the alarm. Most people will keep it on.

4. Not all home invaders knock; some break in without warning. Just another reason to have that alarm on.

5. Install a 24-hour camera surveillance system. Cameras are a great deterrent. Have them pointed at every door and access point.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures

Trust: A Rare Commodity Online

People lie when they set up online dating profiles, they lie when they put up fake social media profiles, and they lie to the innocent victims of their scams.

Banks and retailers know better than anyone that people lie. There are countless scenarios and justifications, but people who lie invariably do it in order to get something.

In general, we strive to be a kind and civil species. We trust by default. We want to be helpful and accommodating. We don’t want to believe that people lie, but they do.

Dishonesty poses a challenge to banks and retailers in the form of theft. Theft is a big problem on the Internet, and any online business knows that they can’t afford to trust you, regardless of how honest you may be.

The Federal Financial Institutions Examination Council recently instructed both retailers and banks to enhance their security procedures, in response to the increasingly creative lies concocted by scammers.

One of those FFIEC recommendations involves incorporating complex device identification. This means that banks and retailers should adopt technology that actually recognizes and analyzes the PCs, smartphones, and tablets being used to access their websites. Once the device is identified, knowing the device’s reputation is where it really gets interesting. Is it acting suspiciously, or is it a known device that has been used in a fraud ring, in money laundering, or in attempted account takeovers? Knowing the device’s reputation lets businesses know ahead of time whom they can trust online.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston. Disclosures

 

Beware of Robo-Call Scams

While out for an evening with friends talking about everything under the sun, including security, which I’m obsessed with (and people often quiz me anyway), my mobile rang from an “unknown” number. The caller, a computer, stated, “Hello, this is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.” Eastern Bank is local to me.

This is hilarious because I don’t have an Eastern Bank account and I’m in the middle of a conversation with someone about identity theft. So I immediately put my phone on speaker and played the message for everyone, who proceeded to look at me and then ask, “What’s wrong with your MasterCard?” While I’m laughing at the call, they are concerned about my card, not initially realizing this is a scam. No longer funny, this saddens me because these are intelligent people who could easily get bitten by this crime.

So I had to explain that this is a “Robo-call scam” where scammers simply use free technology to call thousands of random people by telling a computer to call 555-1212, then 555-1213, in sequential order. Eventually someone is going to press 1 and enter all their credit card information and end up being compromised.

I did a little research and Eastern Bank posted this warning that anyone from any bank should heed:

Notice of Fraudulent Phone Calls
Eastern Bank has been made aware that customers, as well as non-customers, are receiving automated calls on their cell phones with the following message:

“This is a call from Eastern Bank. Your MasterCard account has been locked. Please press 1 now to unlock.”

The recording then instructs the individual to enter their debit card number. There may also be a variation of this phone call that references other banks or asks the customer to enter their debit card number in order to activate it.

Please hang up and do not press 1.

Please be advised that these calls are a scam and are not being made by Eastern Bank.  This is a phishing attempt by criminals to obtain your personal account information.  Never provide your debit card number or any other private information in response to an unsolicited phone call or email.

REMEMBER: Eastern Bank will NEVER ask you for any private information (such as account numbers, passwords, Social Security numbers) through an unsolicited email or phone call.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures

Daylight Back to Back Burglaries In Same Town

Most people think that burglaries happen at night, in the dark when burglars can creep undetected. But the reality is most burglaries happen during the day when you are at work. Burglars work too, in the day, 9-5, like you. This is why a home security alarm is so important.

In Warwick, Rhode Island, police are on the lookout for someone who forced their way into two homes that apparently didn’t have home security systems. Why in 2011 someone doesn’t have an alarm that sends a shrieking siren and calls the police is just mind-boggling to me. Anyway, the burglars apparently spent a significant amount of time there because they turned everything upside down and were able to steal “large quantities of jewelry, laptops and other electronic equipment from the properties.”

The statement “large quantities of jewelry, laptops and other electronic equipment” is further distressing because these people were naïve enough to believe they wouldn’t be targeted and didn’t even have the sensibility to get a safe!

In one instance the burglars broke a window near a door and were able to reach inside and get a key that was in the lock! Anyone that has a door surrounded by glass should invest in a window film glass protecting product called “Shattergard” that makes it difficult for a bad guy to simply break a window and reach in.

Robert Siciliano, personal and home security specialist to Home Security Source, discussing ADT Pulse on Fox News. Disclosures