Monday, December 19, 2011

Credit Card life Cycle (Part -2): The Threat Areas



In my previous post, I tried to categorise, in a general way, how a credit card transaction happens. This one's going to be more on the lines of threat areas in the whole cycle.

There are three basic areas you should be careful about while shopping online:

(a) Is the online mall you are visiting a legitimate one?
(b) Is the redirected Credit Card password page valid?
(c) Is the web browser being used working properly post payment?

Mall Legitimacy: 

With so many companies going online to sell their products, it's very difficult to keep track of which websites can or cannot be trusted. This doubt arises simply because the only time we see a representative of the company is at the delivery of the purchased product at our homes. In order to beat the fakes, I would suggest the simplest way: get a licensed copy of a good antivirus. This actually sorts out 95% of the worries. Now you might ask, how is that possible? Well, these days online legitimacy is closely monitored, and a good antivirus such as Kaspersky, Avast, AVG, etc. gives a green signal to all legitimate websites searched on any search engine. For example, I use a licensed copy of Kaspersky Internet Security 2012, and it gives me a four-bar status (like the network status on our mobile phones), confirming that the website is safe as per their verified database. The second way of verifying is to check whether the website has a Verisign, eTRUST, GEOtrust, etc. logo on it. These companies are dedicated to making the internet safe. Legitimate websites need to buy the certificate logo from them to put up on their websites, and in turn the companies do an in-depth check of the hosted website, giving shoppers like you peace of mind. To top this, websites that have been verified by these security experts give us the signal in three more ways which are easily identified: (1) the website address or URL starts off with https://, (2) the address bar in general turns green, and (3) a padlock symbol comes up, marking it as safe. These three indicators mean that the IP address with which you are online has been identified with the store server and a secure encrypted gateway has been created for you to shop.

Credit Card Page:

Once you add your purchase to the cart and are redirected to the Credit Card payment page, you need to be extremely cautious. On the payment page, where you enter your card details, make sure you know that it is your bank's page. The reason I stress this is that, though the gateway has been created for the shop to be safe, it is possible that your bank's webpage may have been hacked, and since this is the only time you are exposed over the internet outside the secure connection, hackers play with this the most. So, a few pointers to note before you put in your card's most sensitive details: (1) check for the https:// (SSL connection) and the padlock symbol in the browser; (2) locate your bank's logo and look for the Mastercard/VISA logo as well, depending upon the card that you hold; (3) try to identify the look and feel of the page, and if you have visited it before, look for anything which is out of the ordinary; and (4) in general the page has a timeout mechanism within which, if a payment is not made, the gateway closes. If you want to wait for 10 mins to check that, go ahead!! If all seems satisfactory, put in the password to go ahead and complete your purchase.

Post Payment Checks:

After the payment is made (during payment the session is made secure by your bank) you'll get redirected to the Merchant page, where your security is again taken over by them. But during this transition you might see a notification that says "Do not press backspace or refresh the page". I would say that it is mandatory to follow this. If you don't, the security transfer might break and can result in a failed transaction, and even though you would have paid for your item, the purchase wouldn't have been completed. If you are redirected back to a page which says that your item is in the logistics department, getting ready to be shipped to you, you have successfully completed your transaction.

With that, I hope one can get a good idea of the Dos and Don'ts of shopping online with a Credit Card. So go ahead, the holiday season is in, get yourself and your family the gifts that matter. I, in the meanwhile, shall await Boxing Day!

Monday, December 5, 2011

Credit Card’s Online Life Cycle (Part – I): How exactly does your magic plastic card work on the internet


Over the last couple of years, with the World Wide Web booming by leaps and bounds beyond accountability, our lives have kind of been molded by it. What used to be a happy stroll for window shopping in the nearest mall/shopping center over the weekends has become a regular affair on a 15’’ screen. At times I really feel that the world is not that big a place after all, and if I can shop for anything just sitting at home, why shouldn’t I be a couch potato!! Jokes apart, this blog entry is dedicated to all the online shoppers, to educate them on how the magic plastic card pays our expenses in a matter of split seconds.

Know Your Card:

It is very important that we be aware of the type of Credit Card the bank is offering us. Essentially, there are mainly three types of Credit Cards that are issued by banks all across the globe, namely Master Card, VISA and MAESTRO; of these, MAESTRO cards are generally not accepted by most online shopping programs. So be cautious while getting that glittery card from your bank. Next, a Credit Card, be it issued by any place in the world, will always have a unique 16-digit number. This is your a/c number as registered in your bank. The third and most important aspect which acts as an identifier to a card is the ‘CVV’ number, which is a 3-digit number present just below the magnetic strip of the card. With these facts cleared, let’s begin with the explanation of how exactly your plastic pays your bills online.

The Life Cycle:

The other day my father asked me this question “How exactly does a website consider a successful payment from our Credit Card?” A very good question and this is how I explained it.

Once we choose our product of purchase (say on eBay.com) we proceed to the payment screen where, under the section called Credit Card, we are required to fill in a few details, namely Full Name (as given on card), Card Expiry Date, Registered Telephone Number and Registered Email address (all of this information relates to the Credit Card). Now this is where the fun begins. In an online shopping scenario ebay.com is considered to be the ‘Merchant’, who, after recording your Credit Card details, sends two sets of queries to verify the validity of the card. The first set of queries goes to your card’s issuer, i.e. your bank, and the second set of queries goes to your card type owner, i.e. either Master Card or VISA, depending on what type of card you possess. Since the details that you filled in earlier classify as your personal information, the Merchant does not keep a copy of your details and instead passes them on to a third party, who is a verified partner of both the Merchant and your Bank. These third parties are called ‘Aggregators’.

The Aggregator’s work is a fairly simple one. It basically relays the replies from one end to the other, thus keeping a complete transaction history which can be passed on to law authorities (Federal Bank, Reserve Banks etc) for reference and economic calculations. As I mentioned earlier, the two sets of queries that were sent by the Merchant return with replies about the validity of the card to the Aggregator. If found valid by both parties, i.e. your Bank and your MasterCard/VISA, the next phase of the transaction gets initiated. This is when we see the page getting redirected to our bank’s payment page with a warning message on the browser that “Do not refresh the page or press the Backspace button”. This is done because if the page is refreshed, or any key is pressed the authenticated message with the Aggregator gets lost and the transaction fails automatically.

Once on our bank’s page, we find that our card number is present (first four numbers –XXXX-XXXX- last four numbers), our name, and the amount we are to be billed for, with additional information required as the CVV number, expiry date on the card and finally the password that we setup for our online transaction. Do note that this information that we fill on the bank’s page is NOT captured by the Aggregator. It’s the sole property of the bank. If the information entered by you is correct the bank goes ahead and shows you a flash message that the transaction is successful.

Post this we are redirected back to our Merchant page i.e., Ebay.com, which then shows us a confirmation that the product we paid for is now a prized possession of ours. Note: During the redirect the message “Do not refresh the page or press the Backspace button” is displayed again. This is shown as the Aggregator again records the transaction history of the payment made and any untoward input from our end can still cause the transaction to fail. So ideally, wait till you receive an acknowledgement from the Merchant website saying that the purchase is confirmed.

Finally, the Aggregator records all data of the purchase and individually sends a copy of it to the Merchant, Master Card/ VISA, and your bank. The data for the Merchant contains your account details as setup on ebay.com, and the bank from where the payment was received. The type of purchase and any loyalty points etc are sent to Master Card/VISA. And unfortunately, your Bank gets the data which allows it to prepare the bill to be sent to you.

Hope this has been fairly informative and enlightening on how the magic plastic card helps us pay our bills online. The Part – II of this blog will deal with the security threats that you should be cautious about while performing an online transaction via your Credit Card.







Saturday, December 3, 2011

NFC - The new kid on the block



Looking at the above video will naturally pop a few questions in anybody’s mind, of which the first must be, “How on earth can two devices get connected to everything with a mere tap?” Well folks, it gives me immense pleasure and honor, along with NOKIA, to introduce you to this wonderful technology in your smart phones called NFC, or Near Frequency Communication. I would also like to take things a tad forward with some other queries, which I guess your mind would still be seeking answers to.

What is NFC?

Well, NFC is not new as a concept. I’d like to say it’s just an improved version of the wireless connectivity that we already know exists. Confused? Read on. NFC allows data transactions with another device with the same features (NFC enabled) over a wireless network, the only difference being the distance of the coverage area. Typically NFC has a coverage distance of only 10 cm (centimeters), but ideal data transfer speed can be attained at a mere distance of 4 cm only, and it operates at a frequency of 13.56Hz (Hertz).
NFC based communication works on the principle of a TAG and a Reader/Writer.

TAG: It’s a simple device that contains an antenna and has the capacity to store a very small amount of memory, kind of like your Flash Drive/USB stick. It is powered by a magnetic field, and depending on the TAG type the memory can be Read, Written or Re-Written (once only). See below what the TAG ideally looks like.



READER: This is an active device generating the radio signals which communicate with the TAG. The READER also powers up the TAG for the communication channel.


So, ideally, when you tap two NFC enabled smart phones, remember that both the devices have a TAG and a READER each because of which your data is getting transferred.

How Secure is it?

Now that we have an idea what NFC is all about, the first thing that came to my mind was, “How secure is it?” So I ran through a checklist of the common threats that we encounter in Wireless technology and following is my observation, in theory:

Eavesdropping: This is a very common technique employed by hackers, wherein they track and receive the wireless communication signals using merely an antenna to fiddle with our data. SERIOUS THREAT! This is a major issue with Wi-Fi connectivity that we use regularly with our laptops/desktops. (This is the reason I always recommend that one uses a tough encrypted password to connect laptops to one’s router –preferred encryption type WPA2). In general, the distance between the router and your computer is quite large, hence the threat. And this is where NFC scores for me – since the devices have to be kept at a distance of 4 cm only the job of a hacker becomes tough and is 98% secure.

Data Corruption/Insertion/Modification: An attacker can “peep” into the communication channel of two devices in order to disrupt data in the ways named in the heading, but for me NFC scores here as well, as communication happens at a specific rate which is the same for both devices, so the chance of cracking into the delay time of the data transfer is reduced considerably.

Utility / Benefits: I think I can leave this part to the developers of this technology, as to how far they can stretch its reach. A few of the features that I have listed below are where this really comes in handy in our daily lives:

1) Service Initiation: With a mere tap on a poster stuck on the street, or on anything under the sun, we can open a link to a website, download songs, and maybe even movies! I’ll let your imagination run wild on this one ;)
2) Peer-to-peer communication: Tap a friend’s handset, which is already connected to a Bluetooth or a Wi-Fi link, to browse through the internet.
3) Ticketing/Travel: Tap to the gateway to make it your access card for booking tickets and travel plans.
4) Payment: Save your Credit Card details in the NFC chip and leave the cards at home, as you now have a mobile bank in your pocket.

With all these features life will become simpler for sure. But I would like you all to know two facts which are interesting and must be taken note of:

1) Whenever you tap your smart phone with another, the profile gets saved for that device, so no individual profile setup, of the kind we now do for data transfer via Bluetooth, is required. But be careful: since NFC can be used to make payments, if you end up saving your credit card details there, make sure you only pair with handsets, posters, etc. that you trust.
2) Always keep anti-theft software installed on the handset, since you can end up losing it, and having the anti-theft software on your phone will allow you to log in remotely and delete all data for security.

Enough said. Go ahead and get your hands on the new NOKIA smartphone and be a part of this technological revolution.











Thursday, December 1, 2011

LCD TV or LED TV, a buyer's determining factors


With the global economy being a bit shaky and people's perception becoming narrower day by day, it's high time we focus our line of sight on consumer electronics, which is an inevitable expenditure in asset accumulation. One of the most important electronic gadgets that we put to daily use is a 'Television'. Now with the growth of technology we have a huge number of options available to us on visiting an electronics store. This post tries to unwind the difference between two such categories of 'Television', i.e., LCD TV (Liquid Crystal Display) and LED TV (Light Emitting Diode). Though there are a huge number of advertisements going around, read through to understand which is your safest bet in terms of technology, cost and energy efficiency.

Understanding your Gadget:
The term LED TV is a bit contradictory, but as manufacturers and retailers continue to use it, the term makes its way into the public conscience, and it is worth deliberating on the differences. LED televisions are really just LCD televisions that use LED lights for back lighting instead of the fluorescent CFL (Compact Fluorescent Lamp) lighting traditionally used for LCDs. Both use the liquid crystal diode (LCD) technology front panel containing the “twisting crystals” which define LCD technology, kind of the same concept that is used in a pocket calculator.

LED TVs feature two main forms of back lighting: edge lighting and local dimming. Edge lighting has LEDs around the edge of the panel, and this allows for an extremely thin framework. Through advancements in LED (light emitting diode) technology these lights are manufactured in very small sizes, so that local dimming back lighting LED TVs can have a very thin depth. Local dimming backlighting features banks of LED lights behind the panel, and these banks are controlled to lower the amount of back lighting in dark areas of the screen and raise it in bright areas for higher contrast and better blacks. This is accomplished through varying feature options in the TV.

VIEWING FACTORS:

CONTRAST / BLACK LEVELS: 
LCD panels create dark tones by blocking the backlight passing through the panel; this method of displaying black has been a problem inherent in the technology. Local dimming LED back lighting presents a solution to this problem by dimming the back light in areas where the screen should be dark. Edge lit LED TVs will have brighter whites than most fluorescent back lit LCDs but do not have the control over the backlighting that local dimming TVs do.
This comparison has become muddied lately with some LCD TVs showing very concentrated black levels. Local dimming LED TVs have been the best in the past.

COLOUR Efficiency:
With white LED backlights there is no significant difference between the two technologies, but with RGB colored lights or a color wheel to affect the backlight color the LED TVs have an advantage in displaying realistic sharper colour.

VIEWING ANGLES: 
Answers to this question change frequently. What seems to have the greatest impact now on the viewing angle topic is the quality of the clear glass panel on the front of either LCDs or LED TVs. The thicker and higher quality this glass panel, the better the viewing angle and, somewhat detrimentally, the worse the glare. Anti-glare technologies do prevent glare, but they inhibit picture depth and viewing angles. Lately some LCD TVs with very good viewing angles and picture depth have come up; this was never previously the case. We have also viewed very expensive thin edge lit LED TVs with poor viewing angles, showing contrast and black level degradation at a mere 30 degrees off center.
Local dimming LED TVs will naturally perform better with the light coming from directly behind the screen.

FAST-MOVING VIDEO PLAYBACK:
Displaying fast moving video is a function of the response time and refresh rate in LCD and LED televisions. The type of backlighting in the TV has no effect on the reproduction of fast moving video. This is completely controlled by the processor that is put in the mother board of the unit. 

UTILITY FACTORS:

HD (High Definition): 
With HD being introduced across the world, it's time we would like our TV to capture the same for us. LCD and LED TVs are in general either HD-Ready or Full-HD (1080i DPI). So if the funds are what one has to spend, I would say take your pick.

GAMING (Online/Offline):
In this feature it's not the technology type that takes effect but a specific Game mode, which intelligently controls the picture processing with its super advanced microprocessors connected to the motherboard. Without the Game mode there can be significant input delay, with the TV and the processing not able to keep up with the speed of the game. One small advantage that LED TVs might in general have is that they have higher feature sets due to their higher costs and therefore include the Game mode.

LIFESPAN:
LED backlit televisions are brand new as a technology but LED lights in general have a longer lifespan. Fluorescent CFL backlighting, while lasting a long time will naturally have white balance color changes as the fluorescent lighting ages. CFL fluorescent backlighting will be more unstable hence LCD lifespan might be a little smaller. 

ENERGY EFFICIENCY:

With LCD based TVs, a backlight shines through an LCD panel to create the image. Since the pixels reside in the panel, and not the backlight, the TV’s power usage is largely independent of resolution. Many LCDs can conserve additional power by automatically turning the backlight down during dark scenes and up during bright ones. LEDs are more efficient in general and can also use various dimming technologies that turn down either the entire backlight or independent sections, both of which save power. LED TVs are the most efficient type of flat-panel TV available today.

COST EFFECTIVENESS: 

With so many differences at hand, we finally come to the point which the world pretty much talks in today, i.e., money. LCD is considered kind of an outdated technology, so of course it is a bit cheaper than the LED ones. So take your shot depending on all the above factors.

Hope the above suggestions help, and have a happy family time.



Monday, August 29, 2011

The "Social Network" Privacy Checklist

Today 1 out of every 5 people on this planet is hooked onto social networking websites 24*7, which in a way is very profitable to Internet Service Providers and social networks alike, but it poses a grave threat of personal account information breach and privacy loss, which in the present world is a very grave concern.

Now one might ask me why I say so. It’s simple. In general our ISPs (Internet Service Providers) provide us with a dynamic IP, i.e., the IP address gets generated every time our Router/Dongle gets connected to their server during authentication (which we generally see as ‘connecting’ information on the user interface that is available, e.g. see the snapshot added for reference).



So if the Router/Dongle stays connected for a very long period, the IP address tends to go stale, and even if you restart your router/dongle it shows at exchange level that your system is still connected. This results in 2 major issues:

a) It gives a hacker the perfect gateway to play and toy with your computer and delicate personal information via the social networking websites (which most people have a habit of keeping connected all the time, either via a computer or a mobile phone).
b) It might result in a connection outage for several hours.

Since social networking websites (especially Facebook) are easy pickings here, I would like to share a few things that will make it a bit harder for a hacker to crack into your profile.

Go to ‘Account’ -> ‘Account Settings’ you will see the following page under ‘General‘ category.



Next Click on ‘Security’ option which is present just below the ‘General’ option on the left hand side of the menu view as shown in the screenshot above. Once done you will see the following page as shown.



Once here, all the options that are available in the middle part of the screen have to be changed to the desired options. The following are the ones that I personally recommend:

1) Security Question: Please set it up based on the drop-down and make a note of both the question and the answer that you provide. Facebook can ask this question for authenticity if the server detects multiple incorrect login attempts on your account.

2) Secure Browsing: Mandatorily ‘Enable’ it; this makes your browser connect to Facebook over an https:// login. This secure SSL connection gives you an extra layer of protection over this vast World Wide Web!!!

3) Login Notifications: This option should be kept ‘Enabled’ as well, as it sends detailed information to the registered email address (the one used to open the Facebook account) if your account is accessed from a computer/mobile other than the ones that you generally use. Basically Facebook recognizes the MAC address of your device to give this information, which in general is 100% accurate.

4) Recognized Devices: This feature gets activated once ‘Login Notifications’ is enabled. It keeps a log of the usually used computers/mobiles, hence giving one an easy way to verify any unknown activity.

5) Active Sessions: This part is what I am particularly proud of; it shows all the sessions that are active in real time. So say you are logged in from your iPad and Laptop to the same account at one time: both sets of access information will be shown, and the best part is that you can terminate any one of the sessions from here. Thus if you find that, apart from your ISP’s server location, there is any other access being made, close/terminate the session asap!!! It might actually save you from a hacked entry.


Apart from these, my recommendation to all, especially Facebook account holders: apart from using the basic features that keep you updated, try not to use any additional applications such as Farmville, Cityville, etc. from your profile, as these compromise your security by not being active over https:// (or SSL) connectivity. Special note for mobile users: only use Facebook applications provided by your mobile phone manufacturer or Snaptu or Facebook itself (from its login page), as these have been tested to be secure.

I do not want to give anyone a scare, but I believe prevention is better than cure. Happy browsing, my fellow Facebook(ians).

Tuesday, April 5, 2011

Port Forwarding in Windows XP (Gamer's Treat)

In the case of game port forwarding for XP Service Pack 2 & 3, apart from the way we deactivate the FIREWALL of the router, we can also create a virtual port with an exception in the Windows default firewall by the following method:

First click on START --> then click on CONTROL PANEL --> followed by NETWORK AND INTERNET CONNECTION (check fig. for details).



After that click on WINDOWS FIREWALL. The following screen would come up.



Click on the EXCEPTION TAB. The following screen would come up, as depicted below, where we can put in the name of the game. Follow the screenshots to configure the same.



Click on Add Port. The following screen appears.



Depending on the game, select TCP or UDP, whichever port needs to be open. The game manual will also provide the port numbers which are to be entered in the two provided text fields. After that click on the CHANGE SCOPE tab. The following screen will appear.



Here, in the small pop-up window that opens, select the last option (custom list), where the customer can put in the IP address, default gateway & subnet mask, which should be static ones configured to open the port, and click on OK to save the settings.

The game would be port forwarded. Enjoy!!!
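
The same exception can also be created from the command prompt with the `netsh firewall` context that ships with Windows XP SP2 and SP3. This is an added example, not part of the original post; the rule name, port 27015 and the 192.168.1.x addresses are placeholders to be replaced with the values from the game manual and your own static addresses.

```batch
@echo off
rem Added example: command-line equivalent of
rem Exceptions tab -> Add Port -> Change Scope -> Custom list.
rem Every value below is a placeholder (assumption), not taken from the post.
set RULE_NAME=MyGame
set GAME_PROTO=TCP
set GAME_PORT=27015

rem Custom list: only these addresses may reach the opened port.
rem Comma-separated; single IPs or network/mask pairs are accepted.
set ALLOWED=192.168.1.20,192.168.1.0/255.255.255.0

rem Confirm the firewall itself is still on; the point of an exception
rem is to open one scoped port instead of switching the firewall off.
netsh firewall show opmode

rem Add the port exception, limited to the custom address list.
netsh firewall add portopening protocol=%GAME_PROTO% port=%GAME_PORT% name="%RULE_NAME%" mode=ENABLE scope=CUSTOM addresses=%ALLOWED%

rem List the configured port exceptions to verify the new entry and its scope.
netsh firewall show portopening

rem When the game is no longer used, remove the exception again:
rem netsh firewall delete portopening protocol=%GAME_PROTO% port=%GAME_PORT%
```

Run it from an administrator account, once per protocol and port the game manual lists.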

Wednesday, March 23, 2011

Using Facebook & Twitter via Email


This post is dedicated to all the Facebook & Twitter addicts round the world (count me into that group big time) and especially people working with all the social networking websites blocked by websense at the office.

There are better options than scribbling down on your mobile phone to access them: TheFriendMail and Tweetymail, free email services that can be used to access them. I actually stumbled upon these two awesome websites by chance and I found them to be working perfectly from my office.

TheFriendmail: URL: http://thefriendmail.com/

To begin using it, all one has to do is link up their Facebook account with TheFriendMail by logging in via their credentials (as used for Facebook, i.e., Username and Password). Once logged in (for the first time only) it will ask for the permission level that one allows the application for further usage. There are two types: a) High Permission b) Low Permission.

a) High Permission: Once selected, one can do nearly anything (share links, photos, status updates, comments, send messages, "like" posts, view profiles, and even see the news feed), all without ever leaving the email client. One just has to send an email to one of their designated email addresses, like status@thefriendmail.com, and it will post it for you. You can even schedule posts to go up at a certain time in the future; even Facebook does not support this feature yet.

b) Low Permission: This version allows one to update their status, request the news feed and get notifications only.

Based on the permission levels one can control the access levels to the Facebook account, so privacy is also controlled.

The best part is that the website is still in its BETA testing phase, so creation of the account is free. My suggestion: create your account now. You never know when it might start charging for it or even start the concept of “Invitation” only, as was once there for Gmail.




Tweetymail: URL: http://tweetymail.com/

Tweetymail works kind of the same way as TheFriendMail: one has to access the mail via their Twitter access details and it’s ready to put forward all the tweets that come to mind. To tweet, one just has to email tweet@tweetymail.com with the tweet as the body and it will post it for you. One can also request the timeline via email, send and receive direct messages, get notifications of mentions, and follow other users.

Tweetymail has two forms of usage: a) Paid service b) Free service

a) The paid service lets you directly reply to or retweet posts you view from your email.

b) The free service takes manual entry: "@" mention people to reply, or use the old "RT @" format used for retweets.

Being an avid Facebook user, I did find the features to be highly unique and very refreshing. The interface looks very similar and has been done in PHP, same as Facebook, so using it has been a great pleasure for me. Try it out and let me know if it bypasses all filter blocks at offices around the world; perhaps we finally have another reason to sit in our chairs a bit longer.