I just read a good post on IrishEyes about the dangers of banking in Internet Cafes. With the recent influx of immigrants, netcafes are more popular than ever, and are springing up all over the place, largely in Cork. I wouldn’t be surprised to learn if our immigrant community does more of their banking online than in a bank – for example, last month AIB announced that over 1 in 6 online-banking transactions were to banks in Poland. I would expect that a large proportion of these took place in internet cafes. IrishEyes mentions that keystroke-logging software is a big risk in the Irish net cafes now. Despite having seen first-hand some of the dodgy dealings that can go on in an internet cafe – spammers, disgruntled employees with webmail, and kids installing back orifice, for example – this comes as a surprise to me.
Lar Veale, in the comments suggests that there be a code of practice established which cafes must sign up to. This is a very interesting prospect. I know that Nethouse used to (maybe they still do) automatically re-image each PC over the network every morning at 5am or something. Some cafes have very high quality security systems, with each station fully visible to a camera. Some other cafes give no administrative rights to the user, who can use nothing but their web browser and MSN. The unfortunate reality is that there are many internet cafes opened by people who know very little about computers and nothing about security, and they are endangering their customers. I remember one cafe which opened in the greater Cork area that had no antivirus installed, no firewall, and never ran Windows Update, and never reimaged their PCs.
With all the publicity that the ATM fraud got a few months ago, its about time somebody spoke up about the dangers of internet banking in the net cafes. Educating the masses will only get you so far, there should be a standard introduced, a League of Secure Internet Cafes, with a sticker on the window with a golden lock indicating that they follow the basic security procedures recommended by <insert relevant party here>. It won’t stop Krzysztof from using the Windows 98 PCs down the back of O’Dwyer’s Fishing Tackle & Internet Cafe, but at least its a step in the right direction. I know its frustrating when you can’t save your Quake config on the computer for future use because it will be wiped out at 5am, or when you can’t use IRC because its not in the start menu, but this is a small price to pay for knowing that your passwords probably aren’t getting stolen.
3 Comments
FACT: There’s an internet cafe on John Street in Kilkenny run by Nigerians. One of them ordered 10 Nokia 9500 phones from me using a credit card number that did not belong to him. It was a number with expiration date and security code. It affiliated with a billing address that was different than the shipping address. Based on what I know about 419 Nigerians and my personal experience with dodgy credit cards presented by Nigerians, I never go to the John Street internet cafe in Kilkenny. And as I’ve written, I don’t use credit card or banking details on internet cafe workstations.
Very sensible… the people in your Kilkenny cafe might not be scamming the customers who are doing their online banking, but they could be using it as a base for 419 scamming. I don’t know exactly how it works, but in a couple of the ‘beat the scammer at his own game’ stories, the goods were delivered to an internet cafe belonging to a friend of the Nigerian scammer.
Yeah those Nigerians sure do love their internet cafes though my experience, the majority of them aren’t all that computer savvy. I guess every nationality have their own traditional business that they set up, like the Chinese open takeaways, the Irish open pubs and the Nigerians open internet cafes. It’s not that they’re all dodgy 419ers though, it’s just that they love the idea of running a high tech bizahness even though most of them don’t know what the hell they’re doing.
Most of the cafes around to be either staffed by people who haven’t a clue about computers or are hang-out spots for whichever ethnic group owns it. There’s never an on-site technical guy, security is shoddy, if not non-existent. Most cafes don’t seem to have any firewall, either, some, I’ve noticed, just share the connection through unpatched windows boxes and yes, as you say, don’t bother to use antivirus.
I’m an internet cafe owner myself, though, and I can tell you that managing one, even a small one, is not the cushy number that people think it is. From my perspective running an internet cafe means affording a certain trust. People need to know they can trust the service I provide and that my computers are 100% clean and secure. Anyone who ever visits a slipshod internet cafe are unlikely to return. I mean my cafe’s in a rather small community and on any given day I’ve got people booking flights, ferries, buying items through eBay or Amazon, working with Paypal, doing their online banking, writing private emails, playing poker and so on. If just one of those people felt my service wasn’t secure and reliable, I’d be out of the game.
So I guess the rules are, does this place seem dodgy? if so exit.
Do the people there look like they know what the hell they’re doing? if not, exit. When you log in, are there any strange looking items running in the task bar? Maybe mouse over to see if there’s malware running there. You should also see if there’s at least some sort of antivirus software running there.
Are there any strange popups or does the system seem sluggish? If so exit.
For the love of god log out of your email, NEVER tick any “remember me on this computer” boxes and ALWAYS sign out of your instant messengers. (you’d be surprised how often this happens) Use Firefox if possible and always clear your personal details after using it. If the cafe system prevents this somehow, INSIST that the staff-member helps you do it.
It’s also a good idea to ask the staff-member what sort of security setup they have there – remember you’re the customer, it’s your money and your privacy.
Post a Comment