
This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://comment.silicon.com/weeklyroundup/0,39024756,39117004,00.htm


The Weekly Round-Up: 21.11.03
Ecommerce password bungle, card fraud, smutty snaps and is The Rabbit a girl's best friend?

By silicon.com

Published: Friday 21 November 2003

Morrissey once sang "stop me, stop me, oh stop me, stop me if you think that you've heard this one before".

And the Round-Up knows how the quiff-topped miserablist felt, because this week the Round-Up has been feeling some pretty serious déjà vu and would really like it to stop.

Several years ago there were a number of high profile security blunders involving websites and their handling and protection of customer data. Remember Powergen?

But the Round-Up assumed those days were now consigned to history and that by 2003 companies would have got it right when it comes to security and protecting customer data.

But sadly this is not the case.

Last Friday silicon.com exposed DIY giants B&Q for some pretty poor security on its flagship DIY.com website (see here for more). And, as with London buses, having waited ages for such a story to come along, two then came along pretty much at once, because come Monday it was the turn of Argos to be exposed for a similar flaw (the details can be found here).

Fortunately silicon.com was able to alert the companies to their respective flaws and both were quick to close down the offending functionality. In both instances the problem lay in the way users logged in to the site, with anybody able to access the accounts without needing to know a password.

All you would have had to do was simply guess a username and then just type in any password. Upon inevitably guessing it incorrectly you would be offered a security question instead. If you answered this correctly then you would gain access to the account.

Not the best level of security and it wasn't aided by customers who selected ridiculously easy prompts. Those who went for 'my first pet's name' should have been fine... those who opted for 'surname of the Chelsea manager?' weren't so safe.

In fairness, they probably didn't realise what an integral part their selection was going to play in the two sites' patchwork of porous security but still, that's not a million miles away from using 'password' as your password (...and shame on anybody who just thought: 'But I do that').

One angry retail group called our reporting a "non-story" and a "fifth-rate story". (Come on guys, which is it?)

silicon.com (obviously) withheld publishing details of the potential breaches until both sites had fixed their flaws and we then urged the companies involved to contact their customers and inform them.

We cannot say any customers were defrauded or any accounts were actually breached but in such instances we believe customers should be presented with all the facts so they can decide what course of action to take regarding their accounts.

While B&Q eventually did contact its customers - advising them that for peace of mind they may want to change their log-in details - Argos has resolutely refused to inform its customers, favouring the 'mushroom approach' to customer care.

Continued questioning of why Argos has not informed its customers met with a standard response.

"The company will continue to maintain its commitment to customer information security."

Make of that what you will - they certainly seem to be keeping some information secure from reaching their customers... but the Round-Up doesn't think that's what they meant.

So who is advancing the case of ecommerce? The Round-Up set off in search of a solution. First stop Paris where the largest credit card companies in the world were convening to talk chip and PIN and card security at the Cartes 2003 Expo... surely there the Round-Up would find some answers.

On arriving in Paris, it appeared there may have been some kind of national holiday going on, which would certainly have explained why Charles de Gaulle airport had a certain Marie Celeste quality. The Round-Up's guess was that it was a Saints Day, perhaps St Offish, the patron saint of doing things with as little enthusiasm and good grace as humanly possible - which the majority of Parisians appeared to be honouring with an admirable attention to detail.

In the face of such festivities the Round-Up decided to bide its time and save Cartes until the next day. Once there the Round-Up met up with Dr Toni Merschen, senior vice president at MasterCard, and asked him if he could wipe the slate clean on the Round-Up's credit card... Then with the ice broken in a witty - 'bet you've never heard that before Toni' - kind of a way, the Round-Up proceeded to ask him about the problem of online credit card fraud.

MasterCard this week unveiled a technology which it claims will help banks, consumers and retailers protect themselves against card-not-present fraud. Which can only be a good thing. (See here for more.)

The company's SecureCode authentication system, which operates via a handheld card reader, adds an extra layer of security which MasterCard claims effectively creates "a card present digital signature".

...And it looks like a pocket calculator too - which is probably why so many of them were stolen from the MasterCard stand by freebie-harvesting conference attendees laden down with vendor-branded alarm clocks, radios, calculators and all the other goodies you can garner from these events.

When shopping online consumers simply insert their credit card, enter their PIN and are provided with a six-digit code. By entering this use-once code into a retailer's website when prompted they are therefore confirming the presence of the card. Seems simple but Merschen admits it's not the silver bullet needed to end online fraud.

"We're raising the bar," he said, aware that fraudsters will now just have to try that little bit harder, adding that it has now become "an arms race".

But it's not just fraud that can give consumers a nasty surprise.

One shopper who got more than she bargained for when she bought a digital camera from Argos (yes, it's hardly been their week) is Accrington pensioner Doreen Bond.

The 75-year-old popped into Argos and picked up a Fuji digital camera in the sale. But when she got it home and started to play with her new toy she realised she was not the camera's first owner... in fact a couple had owned it before her and left their mark by filling the memory card with steamy photos.

"We all had a fit," said Doreen. "I didn't want to look at them. I have to say I'm not a prude but anything like that, well please. Buying something new and then that coming up, I was absolutely gobsmacked," she told the Accrington Observer.

(Did she really say "gobsmacked"?)

Doreen told the paper that the experience has left her feeling frightened of using the camera and paranoid about ever getting photographs developed again.

With unnecessarily sinister choice of phrase Doreen told the paper: “I am a menace for taking photographs. I had a camera but I was having a bit of trouble with it so I got this new one. I was shocked and upset about all this because I was so excited about getting a digital camera. Now I’m frightened to death about using it.”

Poor Doreen.

To make up for things Fuji has given Doreen two free memory cards - which should be useful given that she's already said she's now scared of using it. (Did they not listen to her?)

Argos has also chipped in and sent Doreen £150-worth of vouchers to help her through this difficult time.

The Round-Up's heart goes out to Doreen - the thought of being too frightened to play with its gadgets is too terrible for the Round-Up to even consider.

Last week the Round-Up asked readers to nominate the all-time best gizmo - in response to a story which claimed the widget was the king of gadgetry.

(While on the subject of the widget - though straying even further from technology - the Round-Up has to doff its cap to the City of Manchester where they punish their prisoners by locking them up with views over the Boddingtons brewery. Imprisonment apparently wasn't punishment enough - they had to provide them with constant reminders of what they were missing out on in the outside world. Here's to you Strangeways and your...er... strange ways).

But the widget wasn't universally popular with silicon.com readers - even though it did poll its fair share of the votes.

John Hewitt went for something a little fruity: "The greatest gadget of all time is the pineapple cutter. In case you haven't seen one, they core the pineapple and produce a perfect set of rings in one go."

Cath Shelley meanwhile opted for something REALLY fruity: "I'm sure I speak for most females here - it can only be one thing - the Rabbit... (and if you have no idea what I'm talking about, ask the girl sitting near you...)."

Of course, we know what you're talking about Cath. And to think your neighbours probably always assumed that was just your mobile phone on vibrate that they could hear through the walls...

"She's been getting calls all night..." they were thinking - but now the cat (or should that be rabbit?) is well and truly out of the bag.

And finally Simon Miles, who should probably never be allowed to shop for anybody who asks for "some new gadgets", offered this list of contenders:

"Pencils, zips, locks and matches..."

Fun, fun, fun Simon.

And finally, a goodbye to one of the UK's dot-com pioneers. Posh totty Martha Lane Fox has resigned from her position as MD of lastminute.com, the company she founded with equally advantaged chum Brent Hoberman.

The company turned in its first annual profit this week and Lane Fox decided that was as good a time as any to announce her intention to explore new challenges, in a 'my work here is done' kind of a way... which sounds like she really wanted to say: "I'm going to take some time off to spend all this yummy money I've earned." And why not.

The Round-Up is now off to return a camera full of nudie shots to Argos. Until next week, here's some news:

The government is watching you - official

Universal broadband on the way - thanks to BT?

'PayPal' Mimail worm variant on the loose

Spammers quietly hijacking your Exchange server?

