The CanYa Team

How secure are online payments?

Internet security is complicated but this blog post helps spell it out in layman's terms.

It’s great. Totally secure. Just great.

Well, that was a short blog post! Thanks Donald. But let’s look a bit deeper.

All connections to and from CanYa devices & services are secure, encrypted communications. This not only helps ensure the integrity of our servers and code, but also protects your personal information when in transit.


How easy is it to see unencrypted comms?

You see, anybody can fire up Wireshark and listen in on communications on their network. If there are any plain text comms, we see something like this:

Unencrypted text can easily be seen and your data could be stolen; it is important to protect your information!
Creepy, right?!

Now let’s take a look at what happens when we use encryption:

Encryption is important to protect your data whilst in transit; CanYa provides this security as a base standard.
Good luck hackers, CanYa makes it very difficult to get your data
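To make the difference between the two captures concrete, here is an added example (not CanYa's code) of the check a defender could run over captured payloads: it separates TLS records from cleartext and flags cleartext that carries a card number. The sample payloads are constructed, and the card number is the widely used Visa test number.

```python
import hashlib
import re
import struct

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
PAN_CANDIDATE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")  # 13-19 digit runs

# Constructed samples: an unencrypted form post and one TLS application-data record.
CLEARTEXT_POST = (b"POST /pay HTTP/1.1\r\nHost: shop.example\r\n\r\n"
                  b"card=4111111111111111&cvv=123")
FAKE_CIPHERTEXT = hashlib.sha256(b"constructed sample").digest()  # stand-in bytes
TLS_RECORD = b"\x17\x03\x03" + struct.pack("!H", len(FAKE_CIPHERTEXT)) + FAKE_CIPHERTEXT


def looks_like_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a well-formed TLS record header."""
    if len(payload) < 5:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= 2**14 + 2048)


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum, used to cut false positives from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48  # ASCII digit to int
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(payload: bytes) -> str:
    """Label a captured payload as encrypted, cleartext, or cleartext with a card number."""
    if looks_like_tls_record(payload):
        return "encrypted"
    for match in PAN_CANDIDATE.finditer(payload):
        if luhn_ok(match.group()):
            return "cleartext-card-number"
    return "cleartext"
```
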

So that is all we need right?

Sort of.

Firstly, security is an evolving beast. Researchers periodically find theoretical and practical attacks that defeat encryption methods. For example, if the method used to generate random numbers for encryption is found to be reverse-engineerable, a better way of producing random numbers is devised. The agency largely responsible for these standards is NIST – a US government standards agency. The reputation of NIST was damaged by the Edward Snowden NSA leaks, which showed the NSA introduced weakened encryption standards.


The capability of nation states to decrypt communications is largely unknown, but is assumed to exist, with a degree of difficulty. Simply put, crooks cannot decrypt your data, but large governments probably can. In practice though, nation states do not care about your bank password (which they control through government regulation anyway), and could probably more easily just get your data through a warrant.

How do you secure online data?

The latest spec used for web encryption is Transport Layer Security (TLS) v1.2. People often refer to this as “SSL”, which was the name of the older spec (now considered insecure). The phrase “SSL” now just generally means “encrypted”. You will often see an address bar padlock to show your data is encrypted in transit with SSL/TLS.

When a secure connection is established between two devices, they need to “handshake” and transfer some keys between each other (“key exchange”). This means an encrypted connection is sometimes a little slower to establish (maybe 10-100ms), but overall well worth it. The TLS v1.3 draft spec is already implemented in the next Apple iOS11 release, which performs key exchange during the initial TCP handshake, thus improving connection speeds significantly.

My favourite webcomic on encryption is from XKCD.com:

security.png

Is CanYa safe?

So an important part of any security implementation is containing the keys. At CanYa, we have a robust security policy that includes need-to-know, locked down privileges and the use of 2-factor authentication for all system access logins — this defeats the $5 wrench because a login becomes both something you own (physical) plus something you know (mental) which is harder to defeat.


Now comes the good part – your data. The good news is – we don’t even store any of your secure data! So even if the $5 wrench works, your bank & credit-card are safe. We use a third party payment service called PIN Payments. This is a great Australian company that does all of the extra credit-card & financial compliance requirements, and gives us an interface to work with.


 

For example when you add a credit-card into CanYa:

  1. We send this to PIN over an encrypted connection.
  2. PIN store your card (encrypted at rest).
  3. We keep the last 4 numbers only for display purposes and dump the rest immediately.
  4. CanYa get back a de-identified anonymous token (e.g. “ABC123”). We then use this token to ask PIN to do things like “Please debit $50 from card ABC123 into our account”, or “Please pay XYZ123 $50 from our account”. That is it.
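The four steps above, as an added example rather than CanYa's or PIN Payments' actual code: an in-memory stand-in for the payment service shows what ends up on each side of the boundary. The class and method names are hypothetical, the encrypted connection and the provider's encryption at rest are outside the sketch, and the card number is a constructed test value.

```python
import secrets


class PaymentVault:
    """In-memory stand-in for the third-party payment service (hypothetical)."""

    def __init__(self):
        self._cards = {}   # token -> full card number (a real provider encrypts this at rest)
        self.ledger = []   # debits the vault has been asked to perform

    def tokenise(self, card_number: str) -> str:
        digits = card_number.replace(" ", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        token = "card_" + secrets.token_urlsafe(16)  # random, not derived from the card
        self._cards[token] = digits
        return token

    def charge(self, token: str, cents: int) -> dict:
        if token not in self._cards:
            raise KeyError("unknown token")
        if cents <= 0:
            raise ValueError("amount must be positive")
        entry = {"token": token, "amount_cents": cents}
        self.ledger.append(entry)
        return entry


class MerchantApp:
    """The app side: its database holds a token and the last four digits only."""

    def __init__(self, vault: PaymentVault):
        self.vault = vault
        self.db = {}  # user -> {"token": ..., "last4": ...}

    def add_card(self, user: str, card_number: str) -> dict:
        token = self.vault.tokenise(card_number)       # steps 1, 2 and 4
        last4 = card_number.replace(" ", "")[-4:]      # step 3: keep the last 4 for display
        self.db[user] = {"token": token, "last4": last4}
        return self.db[user]                           # full number goes out of scope here

    def debit(self, user: str, cents: int) -> dict:
        return self.vault.charge(self.db[user]["token"], cents)


def db_leaks_card(app: MerchantApp, card_number: str) -> bool:
    """Simulate a dump of the app database and look for the full card number."""
    return card_number.replace(" ", "") in repr(app.db)
```

A dump of `app.db` yields only the token and the last four digits, and the token is useless to anyone who cannot call the vault as the merchant.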

Totally safe. Really secure. Great.

 
