We’re thinking Blippy may be just a proverbial blip on the radar. The passive social networking site (meaning, it updates your status for you) tells your friends how much you’re spending, and where. It  updates a twitter-like status about your credit card purchases.

The good:

• if you’re trying to save dough, this could be a positive means of accountability – you spend frivolously and your friends immediately know it.
• couponing and bargain-hunting gone wild. If your friend found something on sale, this could be a valuable alert.
• a marketer’s dream. This takes ‘keeping up with the Jones’s’ to a whole new level.

The bad:

• it requires you to store your credit card information and login information on their site. Um… is our memory for corporate financial data leaks really that short? Are we fool enough to divulge this? If so, maybe we deserve to have our identities stolen…
• surely no burglar, criminal, or otherwise mischievous soul would ever use this for ill. And if you believe that, I have a bridge to sell you.
• are we really so materialistic and driven by instant gratification that we need a whole new social networking site to help retailers manipulate our spending habits?

Here at Tricerion, we think a site like this has the potential for more harm than good. It would certainly be useful to hackers to gain access to the data stored there, and we haven’t seen anything from Blippy to allay our fears about their site security. Maybe we’re just overcautious (or maybe we just know who we’re fighting really well).

How about you? What do you think of Blippy? Would you blip (or is it bleep? maybe bleet?)?

Did you see this? Christian Harris put up a nice blog last week calling alphanumeric logins obsolete. Thanks for the shout-out Christian.

The same article tells us that identity theft is up 33.1%, according to CIFAS, and that’s before taking into account the increase in fraud that we expect over the holidays. It seems that come holidays, crooks get greedy, which corresponds with a year-end boost in opportunity.

Happy Christmas to all and to all good security.

Don’t you know that December is a great time to blog? There are end of year reviews, predictions for the next year, holiday hubub – this stuff nearly writes itself. Speaking of which, Earl Perkins at Gartner put up an interesting question the other week that prompted some soul-searching. He wants to know what identity access management companies (we’ll call them IAMs for short) think about.

He proposes, based on extensive knowledge of the market, that most IAMs are focused on one of two things – either purely securing access to data, or on the other hand, understanding all aspects of the access event. I think we’ve got something a little different going on here.

When I walk through the office the buzz I hear from my colleagues takes on three very distinct tones.

1. Usability. Yes, real security is why we’re in business. But perceived security is what sells solutions and makes them popular. If our clients’ customers are happy with what they see and how user-friendly it is, we’ll succeed. Of course, that assumes that we do a rock-on stellar job of actual security, but hey, in my office that’s a non-issue. What we’ve got rocks the house.
2. Staying ahead. We can stop man-in-the-browser attacks. We have a handle on phishing, in all its many varieties. Key-logging – done. Password-stealing malware? Bam! Take that! (as Batman would say). But what’s next? What are the criminals working on next, and how can we beat them to the punch? For us, it isn’t enough to protect our clients from today’s problems. We want to protect them from tomorrow’s too.
3. Your gramma, or Gram, as we like to call her. Can she use our product? Can she do it easily? Can someone trick her into using it to divulge sensitive information? Does this protect Gram? Does it do it in a way that will leave her satisfied at the end of her transaction, looking forward to her next online interaction? See, knowing that Joe Techie can use our system means nothing to us. He can do all sort of things online, and if he has issues he knows where to go for help. We want to make sure Gram is taken care of, happy with her interaction, and ready to tell all her friends that she doesn’t know what all this hullabaloo is about – her bank (or favorite online store) is easy to use and entirely worthy of her trust.

That’s what we talk about in our office. Well, that and the new curry place down the street. They’ve got a mean Tikki Masala. Ok, fine. So we also talk about which fair trade coffee we’re going drink this afternoon and who’s going to the cricket match this weekend. But that’s just us.

CA, Inc. issued a report last week detailing the top security threats of 2009, as well as predictions for 2010. What’s surprising?

Fake or rogue security software was the most prevalent threat of 2008. It seems criminals know that we as a population have a weakness for security products. We want to be safe, so they hit our vulnerability with security products that are far from secure. This malware product has the look and feel of McAffee, only it’s not quite right.

Email phishing seems to be on a decline, but phishing as a whole is increasing, with internet-based scams leading the pack. Our awareness campaigns to caution customers about email phishing paid off – the customers grew email-savvy, but the criminals grew more sophisticated.

As for 2010, CA expects to see an increase in Malvertising (advertising malware), threats to social networks, and – not so surprisingly – denial of service attacks like we saw this year in political showdowns in Moldova and Iran. Banking trojans are expected to be on the rise as well, and we’d be fool to think criminals would ever really back off financial institutions, since the carrot at the end of the stick is so big.

The problem: banking websites, while highly useful and in fact necessary in today’s virtual economy, are also highly vulnerable to fraudulent attacks.

They could approach it the way AT&T did when they realized that 3% of users (iPhone owners) exploit 40% of bandwith – AT&T started looking for ways to discourage iPhone users from accessing the data services they so love. Instead of using the situation to build business and expand services (which is what any strategically driven company would do) AT&T looked for ways to hamstring their customers.

Banks could take the same approach, right? Encourage their customers to use online banking less. Scale back online services. Provide second-rate security. Promote fear in their customers.

Of course, that would mean technological dinosaurs that take the path of least resistance would inevitably lose customers to banks that provide the online services their customers want. Penalizing users for creating business process conundrums does nothing but propel corporations into decline.

So maybe, in an ideal world, banks might think to increase security to keep up with online threats. Novel idea, right? In fact it is, in a way. As online risks have grown, the majority of banks have done little to keep up with the threat level. Sometimes it’s easier from an operations perspective to reimburse money lost through identity fraud than it is to actively protect against it.

Come on, folks. Are we really lazy enough to believe that doing nothing and suffering attack is better than proactively adopting solutions to protect our customers? Check out Tricerion’s SafeLogin. It’s simple. It’s elegant. It’s easy from the bank’s side and seamless to the user.

Don’t make the mistake AT&T did. Move with the market. Take the lead. Get your groove on.