Authentication - the process of testing a statement or claim of identity or access rights, such as a credential, in order to establish a level of confidence in the statement or claim’s reliability. A credential is something used to confirm a customer's or user’s identity (see: token and security token). A credential incorporates a password, cryptographic key or other form of secret.
Cookies – a web cookie is a parcel of text sent by a server to an Internet browser and then sent back unchanged by the browser each time it accesses that server. They are used for authentication, user tracking and maintaining user-specific information such as site preferences and electronic shopping carts. Cookies are an issue for those concerned about Internet privacy, since they can be used for tracking the browsing of a user. You can set your computer to accept all cookies, to notify you when a cookie is issued, or not to receive cookies at any time.
Credit card skimming – see skimming.
Garbage gleaning – the practice of rummaging through someone’s garbage or the garbage of businesses. Thieves are looking to obtain copies of cheques, credit card or bank statements or other records that typically bear names, addresses, and even telephone numbers. These types of records make it easier for criminals to assume your identity. It is referred to in the United States as dumpster diving.
Encryption - is a technique of securing information by encoding personal information being sent to banks and other businesses. It uses random mathematical 'keys' so that the customer and the bank's systems can readily unscramble the information. These keys are generated each time the customer signs into Internet Banking and are destroyed when the customer’s session is terminated, when the customer signs out.
Firewall – A firewall is a system designed to prevent unauthorised access to a computer. The firewall examines each message entering or leaving a computer and blocks those that don’t meet the security rules. The firewall is like a moat around a castle – it helps prevent criminal attempts to enter a computer, and helps make it impervious to external attack. Any type of Internet connection can be hacked, whether dial-up or broadband, so the use of a firewall is recommended.
Identity - encompasses the identity of natural persons (living or deceased) and the identity of companies.
Identity crime – can be used as a generic term to describe activities/offences in which a perpetrator uses a fabricated identity; a manipulated identity; or a stolen/assumed identity to facilitate the commission of a crime(s).
Identity fabrication – can be used to describe the creation of a fictitious identity.
Identity fraud - describes the gaining of money, goods, services or other benefits or the avoidance of obligations through the use of a fabricated identity; a manipulated identity; or a stolen/assumed identity.
Identity manipulation – describes the alteration of one’s own identity.
Identity theft – describes the theft or assumption of a pre-existing identity (or significant part thereof), with or without consent, and, whether, in the case of an individual, the person is living or deceased.
PDA device - Personal Digital Assistants (also called PDAs) are handheld devices that were originally designed as personal organisers, but have become much more versatile over the years. A basic PDA usually includes date book, address book, task list, memo pad, clock, and calculator software. Newer PDAs also have both colour screens and audio capabilities, enabling them to be used as mobile phones, web browsers or media players. Many PDAs can access the Internet, intranets or extranets via Wireless Wide-Area Networks (WWANs).
Phishing – refers to hoax e-mail messages that look like they are from your bank, another financial institution or business, that ask you to visit a fraudulent website that looks like the bank’s or other financial institution or business, in order to confirm account information including usernames and passwords. Criminals may also contact you by telephone – this practice is known as pretexting by phone (see definition below).
Pretexting – Pretexting is the practice of getting your personal information under false pretences. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is a criminal offence. (Also see phishing).
Scams - Scams can range from e-mails that ask you to “verify” your personal or banking details by following a link, to letters, e-mails or phone calls requesting an upfront payment of a relatively small fee in return for promised riches. They can also come in the guise of lottery winnings for draws you never entered, calls about terrific investment opportunities from people you've never met, or offers of jobs that don’t exist. The key here is ‘if it sounds too good to be true – it probably is!’. The best defence against these scams – do not respond. For more information about identifying and avoiding scams, visit FIDO, ASIC’s consumer website at www.fido.gov.au. Another Federal Government website which may be of use is scamwatch.gov.au.
Security token: A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorise access to Internet banking. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorises them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in to Internet banking.
Shoulder surfing – usually happens at ATM machines or public phones. Criminals may watch you from a nearby location, or behind you in a queue, as you key in your PIN number. They may also listen in on your conversation if you give your credit card number over the phone, for example, when making a hotel reservation or booking a rental car.
Skimming – is the unauthorised copying of information stored on the magnetic strip of a credit card. This information is used to create a ‘cloned card’, which is then used for fraudulent transactions in retail outlets or on the Internet. The stolen details can also be used for identity theft.
Spam – is the common term for unsolicited bulk electronic messages, usually e-mail messages but increasingly SMS and MMS messages (text messages and graphics/videos delivered to mobile phones). These messages are typically sent to a large number of recipients who have not requested them. You can buy filtering software to block spam and junk e-mail.
Spyware – is parasitic software that often comes hidden with ‘free’ downloads from the Internet. It spies on you and sends back data on your surfing habits, which ads you’ve seen and more. In the majority of cases you will not know it is running on your PC; however, it can cause unwanted pop-up screens, cause your computer to slow down and crash, and it has the potential to waste bandwidth. You could run an anti-spyware program to determine whether you have spyware on your computer. For further information on spyware and the Australian Government’s anti-spyware campaign, go to www.nospyware.net.au.
Token: a physical thing, issued as a credential (see authentication). A token is likely to include security features intended to render it difficult to forge. For example, an identity card such as a driver’s licence. (see also Security Token)
Trojans - a malicious computer program that is disguised as legitimate software or a computer file. The attachment or program may look useful or interesting (or at the very least harmless) to an unsuspecting user, but is actually harmful when executed. The program is often (but not always) a cute animation or a picture, but behind the scenes it infects the computer with a Trojan or ‘worm’. The infected program doesn’t have to arrive via an e-mail; it could be sent to you in an instant message, downloaded from a website or even delivered on a CD or floppy disk. The majority of Trojan horse infections occur because the user was tricked into running an infected program. Never open attachments (files) with COM, EXE, BAT, PIF, SCR extensions from an unknown source or ones that you do not recognise. However, if you use an anti-virus program, and update it regularly, this should detect and disinfect the majority of Trojans that are currently being circulated.
Two factor authentication – is a security process in which the user provides two means of identification, one of which is typically a physical token and the other is typically something memorised, such as a security code. In this context, the two factors involved are sometimes spoken of as ‘something you have and something you know.’
Webpage spoofing – where a legitimate web page such as a bank's site is reproduced in "look and feel" on another server under control of the criminal. The intent is to fool users into thinking that they are connected to a trusted site, possibly to illegally obtain user names and passwords.