Share credit card transactions at own risk

A new social networking site that allows users to share their credit card transactions online could expose consumers to unnecessary risk, warns a security expert.
Members of the site, dubbed Blippy, can broadcast their transactions and details of their purchases in the form of Facebook-like updates. Users do so by providing the site with details of their credit and debit cards, as well as accounts at online stores such as Amazon and Apple's iTunes store.
The Blippy service, which is currently in beta, will show where users spent their money, the products they bought and identify other users that bought the same item and compare prices. Members can also comment on the transactions made by other users, as well as make comparisons with their own purchases.
IT security vendor Symantec, however, has frowned upon the service. Ronnie Ng, manager of systems engineering at the company's Singapore office, said the risks involved in sharing credit card transactions far outweigh benefits the service may offer.
"Just think, would you prefer finding out about a better deal on books by your favorite author, or have your personal information sold on the black market and used illegitimately?" Ng said.
"The key security issue that could arise from services like Blippy, is the risk of a data breach and loss of confidential information," he explained. "Such sites may not have the necessary data loss prevention or encryption technology in place to safeguard the personal information that they are privy to."
Symantec's Ng cautioned that social networking sites are "increasingly attractive target for cybercriminals to harvest confidential information".
"Social networking sites combine two factors that make for an ideal target for online criminal activity: a massive number of users, and a high level of trust among those users," he noted.
"With confidential information a key target of malicious attacks, users need to exercise extreme caution when sharing information on their social networks--whether it is their current location, or more personal information such as contact numbers, identity card or social security numbers, and credit card information," he added.
Facebook previously offered a service similar to Blippy. Called Beacon, the feature updates Facebook members' friends about their purchases and other activities on third-party Web sites. However, the service was discontinued in September 2009 after a class action lawsuit alleging privacy violations.