May 4, 2012 - We've been talking for years about the importance of data security on the internet. Of primary concern are corporate and government data security policies that need to be implemented to prevent identity theft and protect against credit card fraud. So a story in the Washington Times caught our eye today. According to that publication, security analysts have determined that Mitt Romney's Super PAC - Restoring Our Future - has not been using SSL encryption when taking credit card donations. If true, that would mean that virtually everyone who has donated to the committee is running the risk that the credit card number has already been stolen.
|
|
|
|
|
|
SSL encryption has been standard for e-commerce sites for years. When you make a purchase online, your browser will normally show a picture of a lock in the status bar on the bottom. That lock tells you that you are on an encrypted page and that you data can't be easily intercepted by crooks or hackers. If that little lock isn't there, do your shopping somewhere else.
Even though SSL is pretty close to ubiquitous for ecommerce sites, nobody at Restoring Our Future set it up. That means that anyone who has made a donation to the website actually wound up transmitting their credit card number in the open. Anyone who bothered to be watching could easily intercept the card number and all other pertinent data including the address of the card holder, the cards security code and its expiration date. Everything required to commit credit card fraud.
For the record, there are laws to prevent this sort of thing. And it is a fair bet that the PAC has broken a few of them, but that is up to someone else to decide.
Anyone who has made donations to Restoring Our Future should be watching their credit card statements closely for any unidentified charges. If that isn't enough to make you comfortable, then you can also notify your bank and ask them to issue you a new credit card.
As a result of the story, the PAC announced last night that it had switched over to SSL encryption for all new donations. That means that anyone donating from this point forward will have the protection they should have had all along.
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
Follow me on Twitter:
|