Consumer Affairs Victoria issues warning to users of Apple’s iTunes store

Consumer Affairs Victoria (CAV) has issued a warning to users of Apple’s iTunes store, after recent reports of unauthorised account access.

The notice issued June 14 was headlined “Beware of App Store fraud – News alert” and states that CAV is aware of the concerns.

The Global Mail published an article examining reports of Apple store security breaches on February 6.

“For more than a year, iTunes users have been reporting on online Apple customer forums that their accounts have been hacked, their gift cards spent, their PayPal accounts used or their store credit exhausted,” wrote Sarah-Jane Collins and Adam Glyde.

Since then Apple Insider reports that Apple has implemented new measures in order to ensure the safety of customer information, requiring users to provide security questions and backup email addresses.

Internet security expert Mark Gregory says that once cybercriminals have access to a system storing consumer’s private details, then that information can spread very quickly.

As such, Mr Gregory believes government agencies need to take further action to ensure multinational companies are taking the necessary measures to protect confidential data.

“It’s not just the money being lost, it’s the customer’s private and personal data and to some extent that’s more import than losing money,” said Mr Gregory in an interview with the Sydney Morning Herald on June 19.

Currently, any business which processes credit or debit card information is required to adhere to the Payment Card Industry Data Security Standard (PCI DSS), a list of regulations set down by several of the world’s leading payment card service organisations.

However the PCI DSS is not a simple one-size-fits-all policy and retailers of different size and scope will find that they are obligated to meet different requirements.

An external PCI DSS compliance test is therefore one of the most convenient ways to ensure your business is meeting its security needs and fully safeguarding customer information.

Apple suggests that iTunes users change their passwords frequently and only download App’s with a long track record of positive user experiences in order to minimise the chance of having their information stolen.

DSD finalises Apple iOS 5 security audit

After months of negotiations and security audits, Apple’s latest mobile operating system has finally been given the green light for use by government agents.

The Defence Signals Directorate (DSD) has given iOS 5 a security certification level – meaning that the iPod Touch, iPhone and iPad are all cleared for use with documents classified as Protected as long as they are running with the approved framework.

As part of its approval process, the DSD has issued a guide through the Department of Defence Intelligence and Security that details the steps required before a particular device can be used to store classified information.

While not cleared for storing or perusing information that has a rating of Confidential or above, devices running iOS 5 and set up in the configuration listed in the document can be used to handle data that is classified as Protected.

The DSD also noted that the instructions contained in the paper were quite technical and suggested that they only be carried out by qualified, experienced professionals.

“Some instructions in this guide are complex, and if implemented incorrectly could
cause serious effects to the device, the network and the agency’s security posture,” explained the directorate.