The cyber security industry comprises many different
facets, each with an important role to play in the fight against online identity theft and identity fraud.
Topics ranging from the latest in transaction protection software to known
vulnerabilities and software patches are available across countless
publications and blogs. But as important as it is, consumer protection, which
is largely out of the control of any one business, receives little coverage.
This is because, as a topic, consumer protection sits on the cusp between its own
unique range of issues and its importance as a part of the business fraud
protection cycle. Every business should keep in mind that fraud prevention
truly begins with the security level of its customers’ online interactions.

Ars Technica brings the widespread lack of consumer protection into perspective
with its recent article on an analysis Imperva
performed of the password compilation left behind after the RockYou
social networking hack. The results are disturbing—of the 32 million passwords
studied, half are susceptible to basic dictionary attacks based on their simplicity.
The most common passwords were found to be as easily guessable as “12345” and
“password.”

While Ars Technica comments on the lack of security measures
taken by RockYou in particular, we feel this bears noting as a call for
all businesses to pay close attention to their own security measures, including
consumer ID verification and ID authentication procedures. The prevalence of such simple passwords suggests
that other accounts such as e-mail and more personalized social networking
sites, like Facebook, might be just as easily accessible, leading to a much
higher risk of identity theft and fraud. It is up to businesses to make sure
they themselves are secured against fraudulent transactions and cyber attacks
stemming from consumer exploits.