NOTE TO CONSUMERS ON RELEVANT SECURITY ISSUES

CSC Europe understands the potential security risks faced by customers and would like to address the dangers faced when making transactions.
CSC Europe does not offer the use of security tokens. 
As a highly secure alternative, whenever a direct payment is made from a CSC Europe account, customers will be required to utilize a high Security Password.
CSC Europe implements both SMS and email notifications on transactions. This measure is primarily to assist in identifying any

fraudulent activity on accounts. It is our customers responsibility to contact us at the number provided on the SMS message the moment you realize a transaction has been made on your account that was not initiated by you.
To help understand the potential security risks faced, listed below are some typical examples you should be aware of, as well as some measures used to combat, types of fraud.
Please assist us in assisting you by being vigilant about your transactions.
 

Card Skimming

Card skimming is the practice of using an electronic device, known as a skimmer, to record account data encoded on the magnetic stripe on a credit, debit or ATM card.

Once the card information is skimmed, thieves use other methods, such as cameras, shoulder surfing (use of a camera or a person to read over the legitimate users’ shoulder), or copying to record PIN information (as in the case of restaurants).

Identity thieves have even gone as far as to set up entirely bogus ATMs in busy locations to skim cards. The user inserts their card and gets it back, but without any transaction occurring. The user assumes the bogus ATM, which has now copied all of the pertinent card information from the magnetic strip, is broken.

The bogus ATM machine is programmed to return the card—rather than just taking it and keeping it—because the latter action would cause the user to call their bank immediately and the card would be cancelled.

Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Keystroke Logging

Keyboard logging is the practice of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. A keylogger can be a hardware device or small program that monitors each keystroke a user types on a specific computer's keyboard. As a hardware device, a keylogger is a small battery-sized plug that serves as a connector between the user's keyboard and computer. Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user's behavior to physically hide such a device "in plain sight." (It also helps that most workstation keyboards plug into the back of the computer.) As the user types, the device collects each keystroke and saves it as text in its own miniature hard drive. At a later point in time, the person who installed the keylogger must return and physically remove the device in order to access the information the device has gathered. A keylogger program does not require physical access to the user's computer. It can be downloaded on purpose by someone who wants to monitor activity on a particular computer or it can be downloaded unwittingly. The keylogger program records each keystroke the user types and uploads the information over the Internet periodically to whoever installed the program.

Although keylogger programs are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, most privacy advocates agree that the potential for abuse is so great that legislation should be enacted to clearly make the unauthorized use of keyloggers a criminal offense.

Web-based on-screen keyboards (such as the one provided by CSC Europe ) provide protection from most keyloggers. However, it cannot provide any protection from someone looking over your shoulder or from malware with screen logging capabilities. In the latter case an extra feature of our on-screen keyboard is the ability to hover over a key to select it. This avoids the problem of screen shots being taken for every mouse clicks and thus adds extra protection. At present we don't allow customers to turn on this feature but ask them to contact us, should they like to try it.

Fraud Velocity Monitoring

A formidable first line of defense against fraudulent activity, Fraud Velocity Monitoring program provides an early warning of suspicious authorization activity using two powerful tools: Authorization Velocity Monitoring (AVM), which can alert issuers to suspicious cardholder activity; and Merchant Velocity Monitoring (MVM), which can alert acquirers to questionable merchant activity.

Remember: