Security Watch

Bigger Is Better

Sometimes it pays to be bigger than your enemies.

That certainly worked for the Internet infrastructure firm Akamai Technologies Inc., which helps companies transmit data and defends against denial-of-service attacks. Its retail customers include Amazon.com Inc., one of many companies that hackers went after this month in retaliation for cutting service to WikiLeaks.

Even as the websites of major companies like MasterCard Inc. and Visa Inc. were blocked during what the hackers called Operation Payback, Amazon.com avoided being shut down. Akamai learned how to adapt to denial-of-service attacks (in which a website is essentially knocked offline by receiving more traffic than it was designed to handle) in 2004 when some of its biggest customers, including Microsoft Corp. and Yahoo Inc., were shut down, according to a story in the Dec. 20 Boston Globe.

After the 2004 incident, Akamai built a network of redundant lines and a server farm of 80,000 machines in 70 countries. So when Amazon.com and a number of other retailers it serves got hit with 10,000 times their normal traffic this month, Akamai's lines merely rolled over to extra server capacity, and Akamai's engineers hardly noticed the attacks. The Globe reported that hackers acknowledged they lacked the capacity to knock Amazon.com offline.

"The Hive isn't big enough to attack Amazon," they wrote in one post.

G-Listed

For those who wonder if the financial websites they visit have been hacked, Google Inc., which itself has suffered hack attacks on its Gmail system, is offering a service that tells consumers whether they've landed in enemy territory, The New York Times reported Dec. 20 on its Bits blog.

Google already compiles blacklists of sites that have been compromised or that may be dangerous. Now it will section off potentially dangerous websites using a tab that says "This site may be compromised." Google told the Times that it will attempt to contact the site's operator to report the problem, and once Google is satisfied the issue has been rectified, the site will be removed from the search engine's quarantine.

Mending Medicare

Medicare is taking a page from the technology playbook bankers use to fight fraud in the credit card industry, The Boston Globe reported Dec. 16.

The Department of Health and Human Services will begin using predictive modeling to gauge in real time whether health care providers are committing fraud.

Medicare is required to pay claims within three weeks of the time they are submitted, and that makes it more difficult to track fraud, the article said.

The data analytics engine the department plans to use will search for abnormalities in claims by examining all claims paid to a particular provider and flag the ones it thinks are suspicious. One example of a suspicious claim would be hundreds of blood tests ordered to a single patient the same day.

Congress has set aside $350 million over the next 10 years to fight health care fraud, the article said.

Debit and Credit

When all is said and done, debit cards may have fewer protections than their revolving cousins when it comes to theft and fraud.

According to a Dec. 15 Reuters report, the same zero-liability protections that make credit cards such a great deal for consumers do not necessarily apply to debit. "They don't have the same legal authority as credit card protections, and may not always kick in," a spokeswoman for the Federal Trade Commission said, according to Reuters.

Average debit card fraud was $3,677 in 2009 and went undetected for an average of 35 days, though it took banks just 24 hours to resolve problems once they detected them. Reuters recommended consumers use credit cards as a safer option, assuming they pay their balances in full each month.

iSpy

It's well known that browsers collect information about consumers' Web surfing habits online, information that Internet marketing companies buy and resell to banks and others to market things like credit cards. Now it seems smartphones are collecting and transmitting the same information.

The Wall Street Journal reported Dec. 18 that it tested 101 apps popular on the Apple Inc. iPhone and Google Inc.'s Android platform, and found that more than half of the apps transmitted the phones' Unique Device ID to companies without the user's realizing it. Forty-seven of the apps transmitted a user's location. Five sent personal details such as age and gender.

Computer users can block cookies or block transmission of identifying information, but smartphone users cannot opt out of the information gathering and transmission.

Neither Apple nor Google requires privacy policies for their apps, and nearly half the apps didn't offer consumers a privacy policy, the study found. Apple told the Journal that the apps it approves for sale are not allowed to transmit information about users without their permission.

Penalty

The former financial adviser to Philadelphia Eagles quarterback Michael Vick was sentenced Monday to more than five years in prison and three years of supervised release for running a Ponzi scheme that stole $3 million from prominent athlete investors and her neighbors, according to an article posted online by the Omaha, Neb., television station KETV.

Mary Wong, of Omaha, frequently took her investors on expensive trips, and she paid for her lavish lifestyle with the money she had stolen.

She promised investors 8% returns, saying she was investing in bonds, real estate and local bank stocks.

Other news sources said that Wong had not been registered to sell securities since 2004, and that the New York Stock Exchange had permanently barred Wong from selling securities since 2007 because she had placed funds from a customer's account in her own personal bank account. Vick sued Wong in 2009 for $2 million for failing to disclose she'd been barred from selling securities. The judge presiding over the case said that Wong posed a great danger to society, and ordered her to repay her clients.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.