Computer Security Day is Nov. 30. You’ve no doubt read many articles telling you to finally change your password so that it’s not “password” or your birthdate. You’re warier now when checking out at stores such as Target because you realize their databases might be hacked. But we thought we’d take this moment to highlight a concern you may not often hear about: Keylogging – What it is & How to detect it.
Keylogging itself is not malicious. The term refers to a software or device that tracks keystrokes as you type or punch them into your keyboard or keypad. Companies may use such software to monitor employee activity, for example.
However, keylogging, in this case, means using malware to grab credit card numbers as they are entered into a website’s checkout form. As a consumer completes a purchase, the credit card information is sent to the hackers in real time. The hackers install relatively simple code on e-commerce and other websites to gain this information. Plus, such code is meant to be invisible, hiding in the system.
- Passwords entered on a device
- A list of websites visited
- Applications used
- Logs of chat sessions
- Copies of emails
Once a cybercriminal has your data, he or she transfers money out of your accounts. The problem isn’t just for consumers; keylogging means gaining access to all sorts of information, from proprietary details to classified government documents.
Although most merchants and banks will reimburse the consumer for fraudulent charges, U.S. merchants lose an estimated $190 billion a year to credit card fraud; consumers bear this cost with higher prices.
You might think consumers are powerless to prevent these attacks. Few of us are going to stop shopping online, and as mentioned, banks will reimburse us, right? Maybe. In one suit brought against Bank of America, the jury ruled in the defendant’s favor because the plaintiff had not updated his anti-virus software.
Preventing keylogging on your device requires the same approach as for other computer security:
- Be careful what you download and run.
- Don’t open suspicious emails.
- Rely on an antivirus program.
- Update your software regularly.
- Consider which retailers to which you submit payment data.
- Look for the padlock or green symbol in your browser to make sure a website is secure before you buy.
- Avoid using public computers for purchases or sensitive information.
Merchants and businesses that accept credit card payments or have sensitive information should be aware of this problem. The latest batch of keylogging attacks worked even in cases where the seller used PCI standards and did not store payment information.
- Work with people who can demonstrate their technologies and security procedures.
- Make sure your site administrator relies on best practices and security controls for eCommerce.
- Update all operating systems and web stack software as needed.
- Use complex login credentials and change passwords regularly.
- Use multi-factor authentication with tokens.
Talk to us about computer security practices for your company.
Got A New Project?
Book a meeting with one of our team member or get ball park estimation on your project.