casino.com - casino gambling

I have every confidence that my Internet financial transactions are safe, but not because we all use security such as Secure Sockets Layer. First, my credit card company protects me against fraud. Second, the bad guys aren't going to waste their time going after any individual transaction; they want the whole database of credit card information, user profiles and the like, to make a real killing.

Anyway my Super Bowl bet paid off, and I had a stash of cash in the electronic reservoirs at Sports Interaction. But when I went to the site to retrieve my winnings, I couldn't remember my user identification or password. So I called Sports Interaction and asked the staffer who answered what procedure I had to follow to retrieve my lost password.

"What's your name?" I gave it to him.

"Do you live in this city? Yes, I said.

"Your user ID is XXXX and your password is XXXX"Click.

Instant replay: I gave Sports Interaction my name, and only my name. In return, I was given my user ID and password. No security check at all.

I got online at warp speed and yanked out every red cent from my account. Once my funds were safe again with Visa, I called Sports Interaction to find out what was going on.With a fair amount of nonchalance, a supervisor denied such a thing should happen.

"But it did,"I challenged."Did you ever receive security training?"

Ah... yeah,"he said unconvincingly

"So tell me: What happens if you give out my user ID and password to someone who then gambles all my money away.What do you do?" No answer Stymied by a wall of "Gotcha!"

I finally reached Sports Interaction's marketing executive, Anthony Munnelly. He was nearly speechless when I described the situation.al can't believe this ... this is simply awful ... this shouldn't have happened," he said. But he also didn't know how often it might have happened in the past or what they would do if my account was absconded with. Apparently there are no records.

"Your security is also based on mail addresses:'l said."What if they are spoofed?"He said he would have to get back to me on that one.

"What about financial liability?" Have to get back to me.

"What about training?" Same.

How difficult is this?

For the past several years I've been preaching that technology is not the security barrier vendors claim. People are the first and last defense. With that in mind, here are some questions to consider:

* What sort of security-awareness training does your staff receive? How often are they retrained?

* Is human resources involved in the security process - mean seriously involved, or is it just another form to sign?

* How do you monitor your staff? Is that enough?

* How do you know whether human security breaches occur?

* What is your legal liability if one of your staff pulls a security breech on you? How's your insurance?

* Are you prepared to spin-doctor your story once the media rush begins? When it comes to financial institutions, it's all about perception and confidence.

The ultimate security mantra is, always has been and always will be, "Stick to the basics" In this case, it's not so much that Sports Interaction got caught. The real worry is how many times they, or other organizations, don't get caught.

Winn Schwartau

Schwartau is president of Interpact, a security awareness consulting firm, and author of several books, including Time Based Security, Computer and Internet Ethics, and his latest, Pearl Harbor Dot Com. He can be reached at winn@interpactinc.com.

casino.com - casino gambling

Menu