NTA Monitor

Women less security conscious than men with PIN numbers

Women take security much less seriously than men when it comes to dealing with PIN numbers, according to a new survey out today.

A poll of over 500 men and women, undertaken by internet security testing specialist, NTA Monitor, shows that when choosing PIN numbers, 20% more women than men are concerned with how easily they can remember their PIN numbers, rather than how secure they are.

The NTA Monitor 2004 PIN Number Survey also shows that women are twice as likely to choose one PIN number to cover all their debit/credit cards, as they are to choose different numbers.

The advent of Chip and PIN technology means there are currently 20 Chip and PIN transactions taking place every second in the UK, and Roy Hills, technical director of NTA Monitor, warns that PIN number security is now more important than ever: "Credit card fraud in the UK is growing rapidly and currently costs the industry over £400 million a year - equivalent to £4 for every credit and debit card issued in the country. Over the next two years, fraud levels are expected to rise to over £800 million."

When talking about authentication, there are three possible factors:

Fraud reduction has been a strong argument in favour of Chip and PIN implementation. The Chip is a smart card and cannot be skimmed like its predecessor, the magnetic strip card, and combines two of the authentication factors. Two-factor authentication is a lot harder for a fraudster to compromise because if the card is stolen, usually the person still retains their PIN number, but if the PIN is compromised, the thief needs the credit card as well in order to make a transaction. However, it is still incumbent on card users to ensure their PIN numbers are as secure as possible.

"Two thirds of the women we questioned are using the same PIN number for all their cards, making them a more vulnerable target for fraudsters," continues Hills. "It only takes someone to see you entering your PIN number, then if your cards are stolen and one number fits all, they will have access to all your accounts."

Worryingly, another key finding from the NTA Monitor 2004 PIN Number survey reveals that 8 out of 10 people never change their PIN numbers, and of those that do, only one in 10 change their PIN numbers more than once a year.

Hills continues: "Whilst changing PIN numbers frequently can be cumbersome, with the need to memorise them, we advise everybody to change their PIN once a year, or at least every time they are issued with a new card."

On a positive note, it seems that writing PIN numbers down to remember them is a thing of the past. The majority of people surveyed, over 80% of both men and women, now memorise their PIN numbers.

NTA Monitor offers the following advice to ensure PIN number security:
  1. It is not necessary to use a PIN number for telephone, online or mail order purchases, so never give out your PIN number when making these types of transactions.
  2. When choosing a PIN number make sure it is memorable but not too obvious - avoid numbers like 1111 or your date of birth.
  3. Never share your PIN number with anyone. If you suspect someone knows your PIN number, request a new one from your bank immediately.
  4. If you have a joint account, cardholders should have individual PIN numbers.
  5. Avoid writing your PIN number down, but if you have to, never keep it with your card.
  6. If you have more than one card, have separate PIN numbers for each one.
  7. Don't be afraid to shield the Chip and PIN terminal when you are entering your PIN number.
  8. Change your PIN number(s) once a year, or at least every time you are issued with a new card.
  9. Check your account details regularly for any suspicious transactions. If you see anything untoward, report it to your bank immediately.

NTA Monitor surveyed 526 people at Central London high street locations from 23.11.04 to 25.11.04. The 95% confidence interval for this sample size is ± 4%.

This article was first released on: 10th December 2004