Category Archives: Internet Security

Coronavirus Proves We Need the Internet Now More than Ever Before – The National Interest

As more and more U.S. schools and businesses shutter their doors, the rapidly evolving coronavirus pandemic is helping to expose society's dependence, good and bad, on the digital world.

Entire swaths of society, including classes we teach at American University, have moved online until the coast is clear. As vast segments of society are temporarily forced into isolation to achieve social distancing, the internet is their window into the world. Online social events like virtual happy hours foster a sense of connectedness amid social distancing. While the online world is often portrayed as a societal ill, this pandemic is a reminder of how much the digital world has to offer.

The pandemic also lays bare the many vulnerabilities created by society's dependence on the internet. These include the dangerous consequences of censorship, the constantly morphing spread of disinformation, supply chain vulnerabilities and the risks of weak cybersecurity.

1. China's censorship affects us all

The global pandemic reminds us that even local censorship can have global ramifications. China's early suppression of coronavirus information likely contributed to what is now a worldwide pandemic. Had the doctor in Wuhan who spotted the outbreak been able to speak freely, public health authorities might have been able to do more to contain it early.

China is not alone. Much of the world lives in countries that impose controls on what can and cannot be said about their governments online. Such censorship is not just a free speech issue, but a public health issue as well. Technologies that circumvent censorship are increasingly a matter of life and death.

2. Disinformation online isn't just speech; it's also a matter of health and safety

During a public health emergency, sharing accurate information rapidly is critical. Social media can be an effective tool for doing just that. But it's also a source of disinformation and manipulation in ways that can threaten global health and personal safety, something tech companies are desperately, yet imperfectly, trying to combat.

Facebook, for example, has banned ads selling face masks or promising false preventions or cures, while giving the World Health Organization unlimited ad space. Twitter is placing links to the Centers for Disease Control and Prevention and other reliable information sources atop search returns. Meanwhile, Russia and others reportedly are spreading rumors about the coronavirus's origins. Others are using the coronavirus to spread racist vitriol, in ways that put individuals at risk.

Not only does COVID-19 warn us of the costs and geopolitics of disinformation, it highlights the roles and responsibilities of the private sector in confronting these risks. Figuring out how to do so effectively, without suppressing legitimate critics, is one of the greatest challenges for the next decade.

3. Cyber resiliency and security matter more than ever

Our university has moved our work online. We are holding meetings by video chat and conducting virtual courses. While many don't have this luxury, including those on the front lines of health and public safety or newly unemployed, thousands of other universities, businesses and other institutions also moved online, a testament to the benefits of technological innovation.

At the same time, these moves remind us of the importance of strong encryption, reliable networks and effective cyber defenses. Today network outages are not just about losing access to Netflix but about losing livelihoods. Cyber insecurity is also a threat to public health, such as when ransomware attacks disrupt entire medical facilities.

4. Smart technologies as a lifeline

The virus also exposes the promise and risks of the internet of things, the globe-spanning web of always-on, always-connected cameras, thermostats, alarm systems and other physical objects. Smart thermometers, blood pressure monitors and other medical devices are increasingly connected to the web. This makes it easier for people with pre-existing conditions to manage their health at home, rather than having to seek treatment in a medical facility where they are at much greater risk of exposure to the disease.

Yet this reliance on the internet of things carries risks. Insecure smart devices can be co-opted to disrupt democracy and society, such as when the Mirai botnet hijacked home appliances to disrupt critical news and information sites in the fall of 2016. When digitally interconnected devices are attacked, their benefits suddenly disappear, adding to the sense of crisis and sending those dependent on connected home diagnostic tools into already overcrowded hospitals.

5. Tech supply chain is a point of vulnerability

The shutdown of Chinese factories in the wake of the pandemic interrupted the supply of critical parts to many industries, including the U.S. tech sector. Even Apple had to temporarily halt production of the iPhone. Had China not begun to recover, the toll on the global economy could have been even greater than it is now.

This interdependence of our supply chain is neither new nor tech-specific. Manufacturing, medical and otherwise, has long depended on parts from all over the world. The crisis serves as a reminder of the global, complex interactions of the many companies that produce gadgets, phones, computers and many other products on which the economy and society as a whole depend. Even if the virus had never traveled outside of China, the effects would have reverberated, highlighting ways in which even local crises have global ramifications.

Cyber policy in everything

As the next phase of the pandemic response unfolds, society will be grappling with more and more difficult questions. Among the many challenges are complex choices about how to curb the spread of the disease while preserving core freedoms. How much tracking and surveillance are people willing to accept as a means of protecting public health?

As Laura explains in The Internet in Everything, cyber policy is now entangled with everything, including health, the environment and consumer safety. Choices that we make now, about cybersecurity, speech online, encryption policies and product design will have dramatic ramifications for health, security and basic human flourishing.


Laura DeNardis, Professor of Communication Studies, American University School of Communication and Jennifer Daskal, Professor of Law and Faculty Director, Technology, Law & Security Program, American University

This article is republished from The Conversation under a Creative Commons license. Read the original article.


The story behind that little padlock in your browser – Horizon magazine

Behind that little padlock is cryptographic code that guarantees the security of data passing between you and, for example, the website you are looking at.

In fact, TLS guarantees security on three fronts: authentication, encryption and integrity. Authentication, so that your data goes where you think it is going; encryption, so that it does not go anywhere else; and integrity, so that it is not tampered with en route.

"It's the most popular security protocol on the internet, securing essentially every e-commerce transaction," Eric Rescorla, chief technology officer at US technology company Mozilla, told Horizon over email.

In the two decades leading up to 2018, there were five overhauls of TLS to keep pace with the sophistication of online attacks. After that, many experts believed that the latest incarnation, TLS 1.2, was safe enough for the foreseeable future, until researchers such as Dr Karthikeyan Bhargavan and his colleagues at the French National Institute for Research in Digital Science and Technology (INRIA) in Paris came along.

Scaffold

As part of a project called CRYSP, the researchers had been working on ways to improve the security of software applications. Usually, software developers rely on TLS like a builder relies on a scaffold; in other words, they take its safety for granted.

To improve security at the software level, however, Dr Bhargavan and colleagues had to thoroughly check that the underlying assumptions about TLS 1.2, that it had no serious flaws, were justified.

"At some point, we realised they weren't," he said.

After discovering some shaky lines of code, the researchers worked with Microsoft Research and took on the role of hackers, performing some simulated attacks on the protocol to test the extent of its vulnerability. The attacks revealed that it was possible to be a man in the middle between an internet user and a service provider, such as Google, and thereby steal that users data.

"It would have to be a fairly complex sequence of actions," explained Dr Bhargavan. "Typically, the person in the middle would have to send weird messages to each actor to lure them into a buggy part of the code."

"If, as the person in the middle, I was successful, I could potentially steal someone's payment details," he continued. "Or I could pretend to be Apple or Google, and download (insert) malware via a software update to get access to people's computers."

Serious threat

Such a hacker would need great expertise and computational power, that of a government agency, for example, as well as access to some of the physical infrastructure close to the key actors. Nevertheless, the Internet Engineering Task Force (IETF), an international organisation promoting internet standards, judged the threat to be sufficiently serious to warrant a new version of the cryptographic protocol.

Dr Bhargavan points out that he was far from the only computer scientist to prompt the revision. There were four or five other research groups unearthing problems with the current protocol, pushing one another along, he says, in a healthy rivalry.

Still, he says that his group discovered some of the most surprising flaws in TLS 1.2, which he believes may have been the final nails in the coffin for the protocol.

His group was also part of a broad collaboration within the internet community, overseen by an IETF working group, to construct the more secure, and man-in-the-middle-proof successor that is TLS 1.3, using modern algorithms and techniques. "Dr Bhargavan was a key player in that effort," said Rescorla, who oversaw TLS at the IETF at the time of the work.

TLS 1.3 was officially launched in August 2018. Since then it has been implemented by major internet browsers such as Mozilla Firefox and Google Chrome.


So how much safer are internet users as a result?

Human error

It is true that for most online security breaches, TLS is not to blame. Usually, personal data gets into the wrong hands because of bugs in software (what Dr Bhargavan's group was working on to begin with) or human error.

But Dr Bhargavan believes there is reassurance in knowing that the underlying protocol is secure. "It's not everything, but so long as you click that padlock you have some confidence about safety; it's the most basic thing," he said.

Besides, internet users are not only worried about hackers. Since 2013, and the leaks of Edward Snowden, a former employee of a US National Security Agency contractor, many people are concerned about the amount of personal data amassed by state intelligence and large enterprises.

Designed with the Snowden revelations in mind, TLS 1.3 closes the door to some types of this pervasive network-based monitoring through its encryption of both user data and metadata. It also prevents retrospective decryption, one of the previous version's weaknesses.

"There was a long discussion in the IETF working group about whether preventing surveillance was one of the goals of TLS," says Dr Bhargavan. "And the answer was ultimately in the positive," he said.

Now Dr Bhargavan is returning to the issue of software security. He believes the majority of remaining vulnerabilities can be eliminated at the design stage.

Verified

To do this, he and his colleagues are constructing a library, HACL*, of fully verified cryptographic code, which other developers can draw on when building new software. In this project, known as CIRCUS, they are also creating an easy-to-follow reference paradigm that tells developers how to put software together without introducing security glitches.

The resultant high-assurance software has already been taken up by developers at Mozilla and Microsoft, among others. "We want everyone to be following these techniques," Dr Bhargavan said.

Ultimately, his goal is not to secure everything online, but to find the safest spots within our highly complex computer systems. "I don't think we will ever get to a point where everything is verified," he said, "but we can find the most secure basket in which we can put our keys and passwords and financial data."

The research in this article was funded by the European Research Council. Dr Bhargavan is a recipient of a 2019 Horizon Impact Award for societal impact across Europe and beyond.


Finder helps secure the Internet in a time of crisis – CMO

Finder has released a solution for secure online identity verification for banking details in its new app, a very timely solution given the current necessity for Australians to self isolate.

With the COVID-19 pandemic pushing Australia to the edge of a recession, more Australians will be looking online to see how they can find better deals to save money and reduce unnecessary spending. As more people go online, there becomes a greater risk of Australians being attacked by cyber criminals and having their personal information compromised, Finder said.

With 2.6 million unique monthly visitors, Finder wanted to reinvent its membership program back in 2018. While Finder's existing model wasn't broken, it saw an opportunity to better serve users by leading the development of the Finder app, which aims to connect users' bank accounts to track their spending habits and identify where they could save by switching products.

To do this, Finder needed a robust security solution that would keep users' financial data secure.

The Finder app is designed to find members better deals for credit cards, home loans, savings accounts and health insurance. It does this by linking users' financial data for analysis across thousands of financial products and notifies them of potential savings across those four main categories.

As Australia enters a new open data sharing landscape with Open Banking just around the corner, there is also a growing requirement for companies to be proactive in sourcing robust security solutions to maintain customer trust and loyalty when dealing with private details, such as email addresses, phone numbers, banking details and credit scores. COVID-19 has brought this need for remote security to the forefront even more.

Using multiple user systems, including a main website service and credit score service, meant Finder needed a solution that utilised a number of features to improve user data security and to consolidate several stores of user data into one unified system.

Finder chief product and technology officer, Joe Walker, said the aim was a defence-in-depth security strategy.

"If you've somehow gotten through the castle walls, we don't necessarily assume that just because you're inside, you're allowed to be inside. It's safer to keep running additional checks, and so we continue to re-authenticate users," he said.

"Trying to build out authentication ourselves would divert all of the hundreds of engineers that we have working on key products and features for our members.

"We wanted to reduce the potential attack surface, and consolidating our member data into a single, secure system was the best approach. When our users provide us with membership and financial information, they are placing a level of trust in us, and it's important that we honour that trust."

When Finder began moving towards a microservices architecture and building their app, the company sought out an authentication provider that could provide strong security. Once the decision to use Auth0 was made, Finder started to migrate hundreds of thousands of user accounts to the new system.

The Finder app launched in mid-March, with plans to roll it out in the UK and the US. Within the first week of launching, the group received 10,000 downloads of the new app. With this many downloads comes the need for a robust platform that secures and authenticates personal information continuously, to prevent fraudulent activity and identity theft.

One of the security features Finder uses is anomaly detection. It prevents malicious attempts to access the website or the mobile application and blocks further login attempts.

Finder further secures data by fully integrating Auth0 into their membership flow, with tokens refreshing regularly. This continuous authentication strengthens the walls of Finder's data fortress.

"For me, a secure member platform is a license to innovate safely and securely. Without a solid member platform that's secure, we wouldn't be able to innovate as quickly as we do. Any future work that we create, we make from eligibility programs or membership data which Auth0 has made possible," Walker added.


One senator wants vendors to ensure their internet connectivity devices are secure – fifthdomain.com

Sen. Mark Warner is urging several network device vendors to ensure their products remain secure as millions of Americans work from home to slow the spread of the new coronavirus.

In his letters to Google, Netgear, CommScope, Asus, Belkin and Eero, the Virginia Democrat specifically expressed concern about wireless access points, routers, modems, mesh network systems and related connectivity devices.

"During this time, the security of consumer devices and networks will be of heightened importance," Warner wrote in his letters. "It is also imperative that consumer Internet infrastructure not be used as attack vectors to consumer systems and workplace networks accessed from home. In light of these circumstances, I request your attention and diligence to help protect the consumer devices you sell."

Warner also called on vendors to issue timely security updates for their products to reduce vulnerabilities. He also urged the companies to consider sending notifications to users about available updates and to provide information on how to securely use the devices.

"This is a timely occasion to remind customers about best practices and cybersecurity hygiene," Warner wrote. "If any of your manufactured devices are no longer capable of receiving critical cybersecurity updates, consumers should receive and have access to clear guidance from your company advising them when their product is no longer protected from cybersecurity threats by its manufacturer."


How a VPN works – The Upcoming

In today's world of technological advancement, more than four billion individuals surf the internet daily. What most of these people do not realise is that they are viewing hundreds of pages without proper protection. Due to this, every website they visit has a digital trace of their personal data left behind. And while you may not think of this as harmful, numerous hackers can use your personal information or sell it on the black market. This is why, to keep the data of billions of individuals safe, many companies have advised the use of a virtual private network (VPN).

While VPN technology has existed in computers for years, individuals have recently discovered its potential to keep their data safe. This has happened due to multiple factors, for example, ISPs selling users' personal information, and hackers and governments stalking online activities for their purposes. So, it is not surprising that many individuals would want their data to be kept private.

Until now, many countries have developed their versions of internet security. Canada has also taken great interest in cyber-privacy by developing multiple VPN Canada technologies to keep the data of its citizens safe from potential harm. Before we look at the different types of recommended VPNs, let us first discuss what it is and how it works.

What is a virtual private network?

A virtual private network, or VPN, is a technology that gives its users the freedom to access multiple websites on the internet without their data or location being recorded. It offers numerous servers for different countries that can also help to hide any online action.

How does it work?

The way a VPN works is very simple. When users connect their device (computer, mobile or tablet) with a VPN, the technology changes their IP address to a different one that exists in another country. Your device is then enabled to safely roam different websites as if you are on a new location or server. This can help to access blocked websites or secure your personal data if you are using public Wi-Fi.

How many types of VPN are there?

There are multiple types of VPNs available to assist different devices or purposes. These types include VPN extensions

Some VPNs allow users to have browser accessibility in which they can easily install an extension on their browsers and use it to safely surf different websites. There are a plethora of VPN add-ons you can install on your Firefox or Google Chrome browsers. Some browsers, like Opera, already come with their own built-in VPN that you can turn on whenever you would like to protect your data or access a blocked website, such as Netflix or Hulu.

The editorial unit


New Security Report from WatchGuard Shows Explosion in Evasive Malware – socPub

Report finds macOS adware and 2017 Excel exploit running rampant and includes analysis of keylogger malware used in coronavirus-related phishing attacks.

24 March 2020: WatchGuard Technologies' latest Internet Security Report shows that evasive malware has grown to record high levels, with over two-thirds of malware detected by its Firebox security appliances in Q4 2019 evading signature-based antivirus solutions. This is a dramatic increase from the year-long average of 35% for 2019 and points to the fact that obfuscated or evasive malware is becoming the rule, not the exception. Companies of all sizes need to deploy advanced anti-malware solutions that can detect and block these attacks.

In addition, WatchGuard found widespread phishing campaigns exploiting a Microsoft Excel vulnerability from 2017. This dropper exploit was number seven on WatchGuard's top ten malware list and heavily targeted the UK, Germany and New Zealand. It downloads several other types of malware onto victims' systems, including a keylogger named Agent Tesla that was used in phishing attacks in February 2020 that preyed on early fears of the coronavirus outbreak.

"Our findings from Q4 2019 show that threat actors are always evolving their attack methods," said Corey Nachreiner, chief technology officer at WatchGuard. "With over two-thirds of malware in the wild obfuscated to sneak past signature-based defenses, and innovations like Mac adware on the rise, businesses of all sizes need to invest in multiple layers of security. Advanced AI or behavioral-based anti-malware technology and robust phishing protection like DNS filtering will be especially crucial."

WatchGuard's Internet Security Report prepares businesses, service providers and end users with the data, trends, research and best practices they need to defend against today's security threats. Other key findings from the Q4 2019 report include:

The findings included in WatchGuard's Internet Security Report are drawn from anonymized Firebox Feed data from active WatchGuard UTM appliances whose owners have opted in to share data to support the Threat Lab's research efforts. Today, over 40,000 appliances worldwide contribute threat intelligence data to the report. In Q4 2019, they blocked over 34,500,000 malware variants in total (859.5 samples per device) and approximately 1,879,000 network attacks (47 attacks per device).

The complete report also includes key defensive best practices that organizations of all sizes can use to protect themselves in today's threat landscape and a detailed analysis of the MageCart JavaScript malware used in the Macy's payment card data breach in October 2019.

For more information, download the full report on WatchGuard's website.


Cryptocurrency Wallets: Everything You Ever Wanted To Know – hackernoon.com

@akshita

Tech savvy writer who loves technology, coffee, and writing!

Keeping the cryptocurrency wallets secure is very important for all those people who are going to use various crypto wallets for the first time and are unaware of security risks related to crypto wallet usage.

Many naive crypto wallet users trust the promise of blockchain technology in creating a secure system for users where someone can't hack into your cryptocurrency and steal it. Blockchain is indeed a model of internet security since it is underpinned by a distributed ledger that creates a chain of immutable records.

But, you must know that the security promise offered by revolutionary blockchain tech doesn't automatically apply to your crypto wallets. There is a surprising risk associated with crypto wallets usage and this is not because of blockchain. In most cases, the security risk related to your crypto wallet arises because of your wallet or exchange provider. Wallet providers often track the information you provide to them while signing up.

As competition is continually growing among crypto wallet solution providers, companies seek more information about their customers so they can provide more personalized product offerings. Similar to digital wallets in real-world, tracking software is used by many companies in their crypto wallet solutions today to seek information about crypto wallet users - their search history, email or web activity information so they can identify what customers actually want and can deliver the exact results.

Hence, it is very important for beginners in the crypto space to take full responsibility for safeguarding their funds stored in the crypto wallet.

To help you achieve this, the article would highlight the key security issues and risks related to crypto wallets usage, how to choose a crypto wallet safely and key measures to safeguard your crypto wallet funds.

But before moving on to the actionable insights on how to make your cryptocurrency wallet secure, let's first try to understand what a cryptocurrency wallet is and how it differs from a digital wallet or eWallet:

What Is a Cryptocurrency Wallet?

In other words, a crypto wallet allows a particular user to send/receive or exchange bitcoin and other popular cryptocurrencies with others easily. If you want to send/receive bitcoin or any other altcoin, you simply need a crypto wallet.

How Does It Work?

Now that you have got the basics covered, let's understand how crypto wallets work:

Unlike the real-world physical wallet, your cryptocurrency is not stored in the digital wallet in a physical form. Instead, it is digitally stored on the blockchain - a revolutionary, ground-breaking technology that contains an immutable, circular record of every single transaction incurred on the network, including the total account balances held by each wallet address. The software inside the crypto wallet is directly linked with blockchain and allows you to submit transactions on the blockchain ledger. The wallet is responsible for the generation of public and private keys for you, without which you won't be able to access or transfer funds.

So, whenever you send bitcoin or any other cryptocurrency, you essentially transfer the ownership of your wallet coins to the other wallet address where the coins are being sent. To access and unlock the funds, the recipient wallet owner must have the private key linked to its wallet address and it must also match the public key/address where you have sent the coins. Remember, no actual exchange of real coins is done here and the transaction will only be recorded on the blockchain along with an update in the crypto wallet balance of you and the receiver.

What Are the Different Types of Cryptocurrency Wallets?

Further, these two wallets can be divided into the following categories:

Online/Web Wallets (Hot Wallet)

These wallets are cloud-compatible and are accessible from any internet-connected device from any part of the world. These wallets offer you extreme convenience as you can store your private keys online - which would be secured by a third-party on your behalf. However, your private keys are at the highest risk of being stolen online due to hacking attacks and theft.

Desktop Wallets (Hot Wallet)

They are generally installed on your computer system or laptop, just like any other software. However, desktop wallets are at high risk of being affected by malware or computer viruses. You should install strong antivirus and have a firewall to protect your wallet private keys. Popular examples include Jaxx, Electrum, etc.

Mobile Wallets (Hot Wallet)

These wallets run via an app on your mobile and offer extreme convenience as they can be used for instant transfer of payments to anyone, anywhere using virtual currencies stored in your account. Some mobile wallets also have web or desktop versions. Popular wallet examples include Coinomi, Mycelium, etc.

Hardware Wallet (Cold Wallet)

Hardware wallets store users' private keys on a hardware device like a USB. As users' private keys are stored in a physical device, they offer the highest level of security and are least vulnerable to online attacks. Many crypto users consider them the safest option to store their digital money. Hardware wallets can be connected to a PC and are also compatible with several web interfaces. To send currency from a hardware wallet, you just need to plug your device into an internet-connected PC or device, enter a PIN and send currency. Popular examples include Trezor, Ledger Nano S, etc.

Paper Wallet (Cold Wallet)

How a Crypto Wallet Is Different from a Traditional Digital Wallet/eWallet?

Despite millions of people across the world using cryptocurrency wallets, there is still a misunderstanding when it comes to understanding how they differ from traditional digital wallets:

Let's understand each in detail:

A cryptocurrency wallet is essentially a software program that enables users to send, receive or store a myriad of cryptocurrencies or digital currency. It also enables users to monitor their crypto balances. These wallets also store the private and public keys of a user and interact with various blockchains so that users can send or receive cryptocurrencies.

On the other hand, a digital wallet or e-wallet is a software-based program or system that securely stores users' payment-related information in a secure environment and eliminates the need to enter account information manually for users, every time they make online payments.

An e-wallet allows you to store payment details like credit card, debit card and bank account information for making faster payments. E-wallets can also work as the main interface for using cryptocurrencies if they come with built-in features to interact with various blockchains.

Note: Digital wallets also act as the main interface for using cryptocurrencies like Bitcoin for users if they come with built-in support for crypto storage or exchange.

Here's the difference:

Unlike digital wallets and traditional pocket wallets, a cryptocurrency wallet does not store any currency. All that exists in a crypto wallet is a record of users' crypto transactions that are stored on the blockchain network - which might be visible or invisible to other users, depending upon the blockchain type - public or private.

Crypto wallets store the public and private keys of users engaged in the crypto exchange. Such a facility is simply unavailable from a typical digital wallet.

Unlike a typical digital wallet, a crypto wallet has an interface that allows it to interact with various blockchains for sending or receiving crypto on behalf of users.

Digital wallets can be linked to a bank's mobile app or any payments platform like PayPal or Alipay, which is simply unavailable in the case of crypto wallets.

Examples of Cryptocurrency Wallet Scams in the Crypto Industry

Now that you are fully aware of the working of Crypto wallets and how they differ from traditional digital wallets, let's look at some of the scams in the crypto industry to give you an idea about the security risks associated with the crypto wallet usage:

Case #1

Case #2

Case #3

Risks related to Cryptocurrency Wallet Usage

Spoofing

In the case of spoofing, malware present on the user's system tries to change the sender's wallet address in an attempt to trick another person into sending cryptocurrencies to the wrong wallet address. Crypto wallets with less secure security protocols may often become victims of such incidents. Hence, always check the level of security protection a crypto wallet offers you.

Loss of Funds

As discussed, you need both private and public keys to access your crypto wallet and funds stored inside it. Hence, it is important that you store both keys securely. Keeping private keys in an encrypted form is equally important to minimize the possibility of someone accessing your wallet funds without your permission.

High Transaction Fees

While using crypto wallets, users also have to pay transaction charges, which might go up to 50% of the sent amount. Ignoring these things might lead to a big financial loss for you.

Centralized Structure

You must know that the public address of your crypto wallet is visible to everyone on the blockchain network (excluding private ones); hence, your wallets are at risk of attacks from hackers.

Reversing Payments

While using crypto wallets for virtual currency transfer, always remember to enter the correct public address of the receiver, as transactions once performed on the blockchain cannot be reversed due to its nature. Otherwise, you might lose your money as it will be transferred to the wrong wallet address.
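The two address risks above (a substituted address and a mistyped one) can both be caught before sending. The following is an added example, not code from the original article: it assumes legacy Base58Check Bitcoin-style addresses, the function names are hypothetical, and the sample addresses are constructed from made-up key hashes.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def checksum4(payload: bytes) -> bytes:
    """First 4 bytes of SHA-256(SHA-256(payload)), the Base58Check checksum."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def b58encode(raw: bytes) -> str:
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    # Each leading zero byte is written as a literal '1'.
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * zeros + out


def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + idx
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")


def make_address(version: int, key_hash: bytes) -> str:
    """Build a Base58Check address: version byte + 20-byte hash + checksum."""
    payload = bytes([version]) + key_hash
    return b58encode(payload + checksum4(payload))


def is_valid_address(text: str) -> bool:
    """True only if the text decodes to 25 bytes with a matching checksum."""
    try:
        raw = b58decode(text.strip())
    except ValueError:
        return False
    return len(raw) == 25 and checksum4(raw[:-4]) == raw[-4:]


def check_destination(trusted: str, pasted: str) -> str:
    """Compare what is about to be sent to with the address the receiver gave.

    `trusted` is the address obtained from the receiver over a separate
    channel; `pasted` is what actually ended up in the wallet's send field.
    """
    pasted = pasted.strip()
    if not is_valid_address(pasted):
        return "reject: checksum failed (typo or truncated paste)"
    if pasted != trusted.strip():
        # A substituted address is perfectly valid; only comparison catches it.
        return "reject: valid address, but not the one you were given"
    return "ok"


def with_typo(address: str) -> str:
    """Return the address with its last character changed (simulated typo)."""
    replacement = "2" if address[-1] != "2" else "3"
    return address[:-1] + replacement


# Constructed sample data: two addresses built from made-up 20-byte hashes.
RECIPIENT = make_address(0x00, bytes(range(1, 21)))
OTHER = make_address(0x00, bytes(range(101, 121)))

if __name__ == "__main__":
    print("same address     :", check_destination(RECIPIENT, RECIPIENT))
    print("mistyped address :", check_destination(RECIPIENT, with_typo(RECIPIENT)))
    print("swapped address  :", check_destination(RECIPIENT, OTHER))
```

The checksum only detects accidental corruption; an address swapped in by malware passes it, which is why the comparison against the independently obtained address is the step that matters for spoofing.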

Actionable Insights for How to Secure Your Cryptocurrency Wallet

If you love using crypto wallets, here are some of the important safety measures that you should keep in mind to secure your cryptocurrency wallet and funds stored inside:

Keep your Private Keys Secure

Once someone gets access to private keys or passwords of your crypto wallet, your funds are simply gone. So, always remember to store your private keys safely and make sure no one has access to your private keys or wallet password.

In order to keep your private keys safe, follow these safety tips:

Choose a Crypto Wallet Wisely

Always choose a wallet that stores your private keys in an encrypted form online. Crypto wallet solution providers like Corin are offering private key encryption that prevents insider hacking for your crypto wallet. For users concerned about cyber threats, cold wallets are the best solution. You can use cold storage wallets like Trezor or Ledger so that cybercriminals stay away from your funds stored inside a crypto wallet.

Make Sure You're Using a Secure Internet Connection

The majority of public networks and public wi-fi networks are vulnerable and have security flaws that cybercriminals can easily take advantage of to steal your crypto wallet funds. If you're using a hot wallet, avoid connecting to a public network. It is recommended that you use your private or home network. Also, make sure your private wi-fi uses strong encryption like the WPA-2 protocol.

Avoid Phishing - Email and Web

In the crypto world, it is common for hackers to perform phishing attacks through email and Google Ads. To avoid becoming a victim of such phishing scams, always check that the emails you receive from your crypto wallet solution provider have their domain spelt correctly, and try to avoid logging into their website by clicking on Google Ads. Remember, once your private key is exposed to a phishing site, your crypto funds are gone.

Cross-check the Wallet Address

Make sure when you connect to an exchange or hot wallet, you're logging into the right address - the one provided by your wallet solution provider. Also, log in only to websites that are using a valid HTTPS certificate. Most legit sites use HTTPS. For extra safety, try browser plugins like HTTPS Everywhere.

Keep an Eye on Auto-updates

It's always recommended to turn off auto-updates while using web apps related to the crypto wallet. The bugs arising in new software updates can cause massive losses for you as a crypto wallet account holder. Wait for 2 or 3 days to track any potential issues in the new release of the crypto wallet app or software. Once the app is tested by other users, you can install it without any risk.

Use Strong Passwords

Enable Two-Factor Authentication (2FA)

You should always enable two-factor authentication if it is provided by your crypto wallet solution provider. Better still, choose crypto wallet solutions that offer this functionality by default. Remember, two-factor authentication is done in different ways by different wallet providers. For example, the Google Authenticator app uses a 6-digit code that changes regularly and is unique for every user. Also, whenever possible, use wallet solutions with software or hardware 2FA rather than SMS.

Separate Your Crypto Funds

Spread your total cryptocurrency wealth across multiple wallets, whether hot or cold, to minimize the loss in case of a hack.

Backup your Crypto Wallet Regularly

It is always a good idea to back up your crypto wallet in case you lose the device that is used to access it. Also, make sure the backup is stored in a safe location. Backing up your crypto wallet helps you easily restore your wallet with all important account details intact.

Now, the Major Question - Are Cryptocurrency Wallets Really Safe for Beginners?

Well, the answer is both yes and no! If you perform a transaction on the blockchain, it simply can't be reversed, and if hackers somehow get access to your crypto wallet's private keys, it would not be possible for you to do anything in such a case. For this reason, you as a beginner in the crypto sphere might get worried.

But don't be disappointed completely. As blockchain is a new and evolving technology compared to other techs, researchers and developers are working hard to figure out every possible solution for security loopholes in virtual money transfer on blockchain networks. A lot of firms are coming up with new and advanced options, e.g., private cryptocurrencies, AI-based wallets, etc. to safeguard users' crypto wallet funds.

Summing Up!

I hope you enjoyed reading my blog about the security aspect of crypto wallets. If you have read it completely, you should have developed a really good understanding of how crypto wallets work in the blockchain sphere.

You might have also obtained knowledge about different kinds of wallets and which one is best for you if you are planning to trade or invest in cryptocurrencies for the very first time, depending upon the security protection offered by each.

Also, if you follow the security measures given in this blog properly, hackers will have a hard time sneaking into your crypto wallet accounts. Remember, crypto puts great power into the hands of the general masses and the unbanked, but with great power comes greater responsibility. So, try to master the art of safeguarding your crypto wallet before it's too late.

If you enjoyed reading this post, do let me know your thoughts in the comment section below. You can also suggest your viewpoints or ideas for making the crypto wallet security checklist given in this article better.


The rest is here:
Cryptocurrency Wallets: Everything You Ever Wanted To Know - hackernoon.com

Sentrybay and Raqmiyat on delivering secure work from home solutions – Tahawul Tech

Marcus Whittington, Co-founder & COO, Sentrybay and Abhijit Mahadik, Director Cybersecurity solutions, Raqmiyat, discuss the risks of enabling remote access from unmanaged devices and how Sentrybay's solutions can help enterprises stay secure.

Are you responsible for IT Security in your organisation and worried about how to provide secure remote access for work from home?

Securing Home Working during the COVID-19 outbreak: VPNs from Home just not enough.

As things stand today on COVID-19, there are widespread extended requirements for your staff to work from home over the next little while. Not to mention, the phrase "work from home" brings in fears not just about data security but also about the risk of data pilferage from out-of-control, end-user-owned remote desktops, PCs and laptops that would be used as endpoints.

Remote access from unmanaged devices introduces elevated risks for a variety of reasons. Often these devices have a lower security posture, possibly out-of-date anti-virus or internet security software; they have a higher risk of compromise because they might be running counterfeit or unlicensed solutions, or they are operating from an untrusted network. The enterprise has little or no control over what software is running or has previously been executed on the device, and limited mechanisms for checking and addressing these deficiencies.

Ordinarily, unmanaged devices accessing a corporate network carry a higher risk of sensitive data (including corporate login credentials) being stolen through attacks involving keylogging, which, along with spyware, is ranked the highest global malware by the NTT Security Threat Intelligence Report. Other attacks to be wary of include screen capture / screen grabbing, man-in-the-browser, saved account detail harvesting, screen mirroring, man-in-the-middle, DLL injection, and RDP double-hop. In the midst of the coronavirus crisis, millions more people will be accessing corporate networks in less than secure ways, increasing the risk exponentially.

A very common mode of connectivity from these remote devices to corporate networks today is VPN, whether to office desktops or direct to application servers, or for that matter even RDP. Is a working-from-home VPN safe?

A VPN does not protect the user from malware that records the keystrokes entered or takes pictures/videos of the user's endpoint in order to steal data. Such malware scrapes up passwords, credit card and banking information, personal details, and more, to use in identity theft and other malicious deeds. Every piece of data entered into any application used by the home-based employee/contractor/supplier (e.g. Word/Excel/Outlook/Office apps, corporate apps, browser, webmail, SaaS applications etc.) can be lifted on the endpoint itself by malware and then sent out to the cybercriminal's command and control server. In summary, all this data is stolen by cybercriminals before it enters the VPN tunnel. A VPN will not prevent you from getting malware in the first place or prevent malware from being able to send your data out.

The malware can also record the login details used to access the corporate network, which may then be used to enter the network, although this requires a more sophisticated attack. Users are also vulnerable to phishing attacks that may seem to emanate from the company or other bona-fide looking companies, in order to steal data. This data can be combined with the data harvested by keystroke logging malware to be sold and then used for more sophisticated attacks targeting the end user or the company.

Ideally, given that many companies are asking employees to work remotely with virtually no time for preparation, they should look for products that can be deployed quickly (i.e. within 24 hours) and which do not involve specially configured software or hardware; a simple download and install from pre-configured software is the preferred option. This means selecting proven anti-keylogging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive corporate data. It is also important that there is access to a portal that allows simple configuration by administrators.

Additional sensible security measures on unmanaged machines include login credential checking and advanced mechanisms to identify malware C2 communication. Just as people are wearing facemasks for personal virus protection these days, the protections mentioned here are the device facemasks appropriate in the risky circumstances that coronavirus is presenting.

Raqmiyat is an authorised reseller of Sentrybay, providing secure work from home solutions to the entire GCC region. "As the coronavirus outbreak continues to spread across the world, organisations are closing offices and mandating remote work arrangements. During these challenging times, organisations are struggling to provide secure work from home solutions. By partnering with Sentrybay, we are offering unique and secured work from home solutions to help our customers respond to this challenge without sacrificing their security posture," said Abhijit Mahadik, Director Cybersecurity solutions at Raqmiyat.

Our unique solutions solve the misery of end-point cleaning, protection and control. If you have environments supporting BYOD or unmanaged end-points (far off locations, third parties like contractors, vendors etc.) connecting to the corporate network to access corporate resources, the challenge is to get them cleaned up and up-to-date with the latest AV signatures.

How is SentryBay different? Unlike others who worry about cleaning & protecting the end-points/PCs, SentryBay worries about data security and leaves the PC aside, as it is not in your control, and uses patented anti-keylogging and anti-screen-capture technology to achieve this.

Armoured Browser from SentryBay is a very unique & secured browser for Mac & Windows that provides anti-keylogging, anti-screen-capture and anti-screen-scraping features, thus enabling a secured browsing environment for sensitive work to be done irrespective of keylogging and screen-capture malware on the PCs.

One good thing with this solution is that it creates separate user & desktop sessions and leaves no trace upon closing. With the enhancements to the solution, it could be installed as a pseudo-remote access solution to lock down use of, say, Office365/SaaS apps/browsing etc. It can also be deployed for Citrix, VMware or any other remote access solution deployed.

"We have seen a huge surge in demand worldwide, and a lot of interest in the UAE for this very niche & unique solution from Sentrybay. Some of our largest banking clients have added licenses in the past week specifically to enable more employees to be quickly equipped to work from home due to the Coronavirus threat," said Marcus Whittington, Co-founder & COO, Sentrybay.

Continued here:
Sentrybay and Raqmiyat on delivering secure work from home solutions - Tahawul Tech

Dot-com price rises on their way over the next four years: ICANN approves Verisign contract, walks off with $20m – The Register

Analysis: The price of dot-coms will steadily increase over the next four years following DNS overseer ICANN's controversial renewal of Verisign's contract to run the top-level domain.

The wholesale price of a dot-com is $7.85. That will almost certainly increase by seven per cent starting in 2021 and each year thereafter until the contract ends in 2024, ending up at $10.29, providing dot-com operator Verisign with hundreds of millions of dollars in pure profit. Verisign, which has operated the dot-com registry for the past two decades, saw its share price jump seven per cent on the news.

ICANN felt it had little real choice but to approve the new contract, which involves the management of millions of dot-com domains, after it was negotiated directly between the US government and Verisign, and passed onto ICANN complete with a public announcement in 2018. Although the US government no longer has direct oversight of ICANN, it retains a significant influence over the domain name system and the dot-com contract is one of those areas.

But how non-profit ICANN has dealt with the contract raises yet more questions over its stewardship of the DNS world. Not only did the organization use its unique position to extract $20m from Verisign in return for renewing the contract, it also effectively ignored its own public comment process and laid bare its determined ignorance of the multi-billion-dollar market that it oversees.

Over 9,000 public comments were sent to ICANN regarding the contract renewal: a huge response for an organization that rarely receives more than 50 for a comment period. The organization admits in its summary of those comments that 95 per cent were explicitly opposed to the price rises.

But, rather than address those concerns in a constructive and objective manner, the staff-produced summary instead picks sides. It goes out of its way to diminish the arguments made against the changes as being self-interested, and actively argues that the volume of comments is not a cause for concern but a nefarious effort to influence the process.

"One of the reasons for the high volume of comments is that several organizations involved in the speculation sector of domain name industry mobilized their members and customers to submit comments to ICANN," argues the staff report [PDF].

It goes on: "The Internet Commerce Association (ICA), a group that represents domain investors, was particularly active in expressing its dissatisfaction with the proposed increase to the maximum wholesale price for .COM registry services, and mobilized its members to submit comments to ICANN org including creating and promoting a tool to generate templated comment submissions forms available on its website, as well as using blogs and opinion pieces in various industry sites."

In the version [PDF] of the public comment summary made available to the ICANN board to assist in making the decision, these views are watered down.

But in their place, somewhat bizarrely, the staff lists the top-selling dot-coms of all time (voice.com for $30m; sex.com for $13m) as an indicator of the financial value of dot-com domains, even though they represent an extreme end of the market, equivalent to equating the global real estate market to the sale of a mansion in the Hollywood hills.

There are over 145 million dot-com domains and while there is a healthy secondary market, it represents only a tiny percentage of the domains that exist. The vast majority of dot-coms are held by individuals or companies who do not wish to sell them but have built their online presence on them, and will now have to pay significantly more following this contract renewal.

ICANN ignores this and instead delves, very briefly, into the world of domain name reselling: "According to Namebio.com the average price of a .COM domain name traded on the secondary market and reported to Namebio.com was US$2,415, while the median price was US$1,643."

Verisign has a monopoly over the dot-com registry and makes 93 per cent of its $1.23bn annual revenue from dot-coms sales. Industry experts say that thanks to the way that internet registries work at scale, the costs to Verisign of running the registry are going down year after year. The business already makes at least a 50 per cent profit margin on dot-coms and any price increases will be almost all pure profit.

Verisign has frequently used the enormous financial heft that the dot-com contract gives it to control and distort the rest of the domain name market, not least when it secretly bought the rights to the .web registry, thereby killing off a possible competitor to dot-com. ICANN received the $135m auction price.

While acknowledging the central question of economics as to whether to approve dot-com price rises, and inserting its own commentary on the dot-com secondary market, ICANN then attempts to claim that economics should have no impact on its decision.

From the report: "While some commenters requested market analysis or economic study prior to ICANN taking action on the proposed amendment, ICANN org is not a competition authority or price regulator and ICANN has neither the remit nor expertise to serve as one."

It goes on: "ICANN's mission is to ensure the security and stability of the Internet's unique identifier systems. Accordingly, ICANN must defer to relevant competition authorities and/or regulators, and let them determine if any conduct or behavior raises anticompetition concerns and, if so, to address such concerns, whether it be through price regulation or otherwise. As such, ICANN org has long-deferred to the DOC and the United States Department of Justice (DOJ) for the regulation of wholesale pricing for .COM registry services."

Despite ICANN attempting to argue it has no need to carry out economic analyses of the market it sets the rules for, it is happy to directly benefit from its decision. It appended a $20m stipulation to the contract signing, requiring Verisign pay ICANN $4m a year for the next five years in order to educate the wider ICANN community about security threats.

No such agreement exists with any other registry that ICANN oversees, and there is no explanation given for why this additional money is needed now, nor why such efforts are not covered by the existing ICANN budget, nor why the $20m needs to be attached to the signing of the new dot-com contract. It is transparently a pay-off negotiated by a market regulator from a company it regulates in return for its signature on a new contract.

Incredibly, the refusal to carry out any kind of economic analysis and an insistence that it is not a price regulator (despite the fact that the new contract continues to put ICANN in the position of deciding prices) comes as the organization faces another major decision entirely built around economics.

ICANN is due to decide in April whether to approve the sale of the .org registry to an unknown private equity firm for $1.13bn. That proposed sale was a direct result of ICANN approving a request by the current operator, the Internet Society, to lift price caps on all .org domains.

Despite overwhelming opposition to lifting those price caps, ICANN again ignored its public comment period and made the argument that it was not a price regulator in approving the changes. Its staff report on the thousands of comments was just as skewed and inaccurate as the one for the dot-com contract renewal. The day after the report was published, former ICANN CEO Fadi Chehade registered the company Ethos Capital, which then went on to offer a billion dollars for .org a few months later.

In short, ICANN appears to be failing to do its job as DNS overseer, insisting that it can ignore economics while at the same time being thrown from crisis to crisis by those exact same forces. Not having the expertise is one thing; pretending that because you don't have it, you don't need it is quite another.

If the ICANN board wishes to be taken seriously, it must insist that the organization add a new economics department, and staff it with new and competent bods.


Continued here:
Dot-com price rises on their way over the next four years: ICANN approves Verisign contract, walks off with $20m - The Register

Global Internet Security Market Overview By Threats, Major Opportunities, Drivers, Risk Analysis and Trends – Sound On Sound Fest

MarketResearch.biz has newly proclaimed that its massive market research report range includes a report examining the Global Internet Security Market and the industry allied with it.

In this report, 2019 has been considered as the base year and 2020 to 2029 as the forecast period to estimate the market size for Internet Security.

Major Players in Internet Security market are:

Kaspersky Lab, Symantec Corporation, Qualys Inc, Webroot Inc., International Business Machine (IBM) Corp., Microsoft Corp., Hewlett Packard Company, Cyber Ark Software Ltd., Cisco Systems Inc and Trend Micro Inc. The report moreover includes a detailed summary of the competitive landscape and organizational structure of the Global Internet Security Market. This will offer users a rational knowledge of the state of drivers, threats, major opportunities, and the prime standards affecting the market.

The report provides substantial knowledge relating to the market share that each of these firms presently garners across this business, in tandem with the market share that they are expected to amass by the end of the forecast period. Also, the report elaborates on details regarding the products manufactured by each of these companies, which may help new entrants and prominent stakeholders work on their competition and strategy portfolios. Not to mention, their decision-making is likely to get easier on account of the fact that the Internet Security market report additionally enumerates a gist of the product value trends and the profit margins of each firm in the industry.


This will enable readers to focus on Internet Security market product specifications, current competitive manufacturers in the Internet Security market and also the market revenue with gain. The report analyses the worldwide Internet Security market by competitive manufacturers, regions and applications, with a forecast up to 2029. This report analyses the scope of the Internet Security market. This is achieved using previous historical information on Internet Security, analysis of qualitative insights, and demonstrable projections regarding global Internet Security market size.

The following section offers a comprehensive outline of the Internet Security Market, with an in-depth emphasis on some of the key regional markets. The report summarises data on each of the key players in the market, covering their current gross margins, company profile, sales income, sale price, sales volume, product specifications along with pictures, and the up-to-date contact information.

This report studies the global market size of Internet Security, especially focuses on the key regions like United States, European Union, China, and other regions (Japan, Korea, India and Southeast Asia).

Internet Security Market Segmentations:

By product type and service:

Hardware service

Software service

By technology:

Authentication technology

Access control technology

Content filtering

Cryptography

The study comprises a total of 15 chapters:

Chapter 1, to describe Internet Security product scope, market overview, market opportunities, market driving force and market risks.

Chapter 2, to profile the top manufacturers of Internet Security, with price, sales, revenue and global market share of Internet Security.

Chapter 3, the Internet Security competitive situation, sales, revenue and global market share of top manufacturers are analyzed emphatically by landscape contrast.

Chapter 4, the Internet Security breakdown data are shown at the regional level, to show the sales, revenue and growth by regions, from 2014 to 2019.

Chapter 5, 6, 7, 8 and 9, to break the sales data at the country level, with sales, revenue and market share for key countries in the world, from 2014 to 2019.

Chapter 10 and 11, to segment the sales by type and application, with sales market share and growth rate by type, application, from 2014 to 2019.

Chapter 12, Internet Security market forecast, by regions, type and application, with sales and revenue, from 2020 to 2029.

Chapter 13, 14 and 15, to describe Internet Security sales channel, distributors, customers, research findings and conclusion, appendix and data source.


Originally posted here:
Global Internet Security Market Overview By Threats, Major Opportunities, Drivers, Risk Analysis and Trends - Sound On Sound Fest