John Phillips/UK Press/Press Association Images
Tesco is facing criticism from the web security industry for how it is storing customer data. One blogger has raised concerns about the way passwords are being stored, and another expert has confirmed to AOL that some of the standards Tesco is using are 20 years out of date.
Tesco, meanwhile, insists it is not putting your data at risk, so what is going on?
Fight back - latest on scams
Concerns were raised by Troy Hunt, a security expert, on his blog. He said there were "a whole raft of basic, flawed practices which jeopardised the security and privacy of shoppers."
The issue first came to light when Hunt asked the site to send him his password, and it did. This concerned him, because it means the passwords are not being stored in encrypted form. In technical terms, passwords should ideally be both hashed and salted. Tesco, Hunt said, was doing neither.
His concerns are shared by the security industry. Graham Cluley, an expert at Naked Security, told AOL: "Any website that can send you your password isn't storing it safely. Tesco doesn't appear to be following best practice in the way it is storing data. In some things it appears to be 20 years behind, which is inexcusable for a big brand like Tesco."
However, Tesco does not share these worries. It issued a statement saying: "We know how important internet security is to customers and the measures we have are robust."
"We are never complacent and work continuously to give customers the confidence they can shop securely."
Cluley and Hunt are concerned by this too. Cluley explains: "Their response has been disappointing: just stating that their processes are robust. We would like to see them being proactive and say, 'yes they are robust, but in an abundance of caution we're going to improve them'."
He highlights that at the moment there is no suggestion that any data has been exposed, and there has been no attack by hackers. He says: "In many respects this is nowhere near as serious as the situations where data has actually been hacked."
However, he adds that to protect themselves, Tesco customers, and indeed all web surfers, should pay attention to their passwords. He says: "Make sure you are using a different password on each site, so that if one is exposed, it doesn't leave you vulnerable on others. Our research shows that 30% of people use the same password for everything, which is a huge mistake."
"You should also take care when choosing a password to ensure it's not easy to guess. Lots of people use things like 123456 or the name of the website itself, which is next to useless. Hackers can break passwords like this in a matter of seconds."
- 1. Land banking
Land banking involves plots of land offered for sale, often online, with the promise of sizable returns when planning permission is approved for housing or other development. Yet often the land is located in areas protected from development by planning law.
The companies involved soon disappear with investors' money and, as the firms are not protected by the Financial Services Authority, their funds are not covered by the Financial Services Compensation Scheme.
- 2. Money mule
Fraudsters recruit unknowing accomplices through email under the guise of offering employment, seeking a personal favour, or through internet shopping sites. The recruits are persuaded into receiving what are essentially fraudulent payments and then passing funds on.
The 'mules' are frequently offered a small financial incentive to encourage involvement and face difficulties in proving their innocence when the fraud is discovered.
- 3. Carbon credit fraud
The scams claim to offer people the chance to profit from carbon credits. Under regulations that permit businesses to emit a tonne of CO2, the companies claim to offer investment in green projects like a forestry scheme or a solar panel project, which generates carbon credits that are then sold on to heavy industry.
A flashy brochure or website tells of a reliable 'government-backed' scheme which provides reliable returns for investors. Such a scheme doesn't exist, however, a reality investors only discover when they have parted with their cash and the company is untraceable. As with land banking, fraudulent companies are not covered by the FSA, so victims have no recourse for recompense.
- 4. HMRC phishing scam
Receiving an email from the taxman saying you are owed a payment may seem like a nice surprise, but it is actually from fraudsters trying to relieve you of your cash instead.
The emails provide a "click-through link" to a cloned replica of the HMRC website. The recipient is then asked to provide their credit or debit card details - all the information the criminals need to clear your account, and sell on your personal details.
- 5. Disappearing loan scam
This scam targets vulnerable people who are in financial difficulty and unable to access credit through regular channels like overdrafts and credit cards.
The fraudsters advertise loans and those who sign up are asked to pay an upfront 'arrangement' fee of around £60-£70 before the loan is approved. Borrowers pay the fee only for the 'loan providers' to disappear without a trace.
- 6. Crash for cash scams
Insurer Direct Line reported a hike in the number of 'crash for cash' scams last year – where fraudsters fake accidents by making unnecessary emergency stops at busy roundabouts or slip roads, forcing motorists to crash into them.
They then make bogus claims to the innocent motorist's insurer, often including fictitious injuries and passengers.
- 7. Driving school scams
Learner drivers have been taken for a ride by being unknowingly taught by trainee instructors. An investigation by the AA found up to 27,000 extra driving tests have been failed in the last year because one in 10 learner drivers are unwittingly taught by an instructor they do not know is learning on the job.
- 8. One man mail scam
July saw the arrest of a Leicester postman who stole £46,686 worth of mail over two-and-a-half years. Yogeshbhai Patel, 38, was jailed for two years for stealing mail including 2,000 DVDs and 2,250 games along with CDs and other electrical equipment. He intercepted the valuable packages and spent the money on living a luxury lifestyle including helicopter rides and a trip to Las Vegas.
- 9. Smart meter scam
The Trading Standards Institute reported over 200 cases where elderly homeowners have been targeted by telephone cold callers, purporting to be from their energy supplier and offering energy saving devices which could cut their bills by 40%.
The TSI tested the devices in homes where owners had fallen for the scam, only to find they failed both to satisfy electrical safety standards and to deliver any tangible energy savings.
- 10. Thermal camera fraud
Thermal cameras that track ATM PIN numbers are the latest weapon in fraudsters' arsenal and US scientists have warned it is the next threat for this form of crime. Researchers at the University of California at San Diego found that up to 45 seconds after a person types their PIN code into an ATM machine or door entry pad the numbers and even the sequence are still readable by thermal cameras.