New OpenSSL flaw puts online security back in the spotlight

Hot on the heels of software bug Heartbleed, another high-profile OpenSSL flaw has emerged that could still allow hackers to intercept supposedly secure traffic.

Up until last month when Heartbleed first came to light, it was thought the presence of the SSL encryption padlock was regarded as sufficient to reassure web surfers that they were safe. But since then fears have emerged about another possible computer hack which targeted hundreds of thousands of computers worldwide with malware, enabling the theft of more than US$100m from business and personal bank accounts.

Now it has emerged , that a decade-old flaw may still let hackers intercept supposedly secure traffic passing through public wi-fi hotspots.

It’s worth noting that none of the security flaws actually involve cracking OpenSSL encryption, they simply involve ways of bypassing it – much like deadlocking the front door while leaving a downstairs window open.  Irrespective of faith in encryption algorithms, it may be that more windows have been left open in OpenSSL than first feared.

Therefore it’s fair to never assume that online security is actually secure and our huge volume of connected devices means we are still vulnerable. Online protection has to be underpinned by a layered security strategy backed up by multiple checks form numerous data sets.

Having a host of tools that includes device intelligence to block compromised card use, fraudulent enrolments, phishing attacks, hidden measures that assesses suspicious activity and multi-set identity verification, is vital. Given the vulnerability of entire online estates coupled with the exponential rise in demand for mobile channels, having suitably compatible anti-fraud technology will be critical from here on.