
A safer way to pay: Comparing the security and integrity of 21st century payment systems

Chester Wisniewski

Continuing on from my BSides 2014 talk on credit card thieving malware, payment card systems and standards have evolved significantly and there are now many choices for both consumers and merchants to avoid being the victims of fraud.

This talk will look at how to determine what risks are worth accepting and the security benefits and downfalls of accepting and making payments using everything from PayPass/PayWave, Chip & PIN, Venmo, AliPay to ApplePay, Google Pay and PayPal.

While the security and ease of use of payment tech has improved dramatically in the last 20 years, this talk won't explore every option. Specifically, I will leave the costs and benefits of using cash and cryptocurrencies up to the viewer's own imagination.

An Apple a Day Keeps the Cybercriminals Away? Taking Lessons from Medicine to Motivate Good Cyberhealth Habits

Cybercriminals almost always pick the lowest hanging fruit, and consequently, as tools and technologies for protecting ourselves and our data have gotten more sophisticated, cybercriminals have shifted more towards exploiting human behaviour to gain access to systems, credentials, and data. Unfortunately, our investment in resources and research into human factors hasn’t kept pace with their exploitation.

The problem is many of the behaviours that protect us against threats – using strong and unique passwords, reporting spam and social engineering attempts, and securely sharing sensitive documents – are tedious to engage in. How do you get people to do things that aren’t fun or interesting, or part of their core job responsibilities?

The predominant model in Behavioural InfoSec uses fear, uncertainty, and doubt (FUD) to promote good security behaviour, but results have been unimpressive. We propose another way, turning the human tendencies that threat actors exploit to our advantage in the fight against them. Using real-world examples from within information security, and drawing on the field of health promotion as an analogy, we will talk about ways to help employees willingly take up good cyberhealth and hygiene habits.

Speaker's Bio: Chester Wisniewski has been involved in the information security space since the late 1980s. He is currently a Principal Research Scientist in the Office of the CTO. Chet divides his time between research, public speaking, writing and attempting to communicate the complexities of security to the press and public in a way they can understand.