What is Shoulder Surfing?
Shoulder surfing is the use of direct observation techniques, such as looking over someone's shoulder, to obtain information. It is an effective way to obtain information in crowded places because it is relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. It can also be done from a distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend shielding paperwork or your keypad from view with your body or by cupping your hand.
Shoulder surfing is particularly effective in crowded places because it is relatively easy to observe someone as they:
- fill out a form
- enter their PIN at an automated teller machine or a POS terminal
- use a telephone card at a public payphone
- enter a password at a cybercafe, public and university libraries, or airport kiosks
- enter a code for a rented locker in a public place such as a swimming pool or airport
- enter a PIN or password on their smartphone
- use a device on public transport, which is a particular area of concern.
Shoulder surfing can also be done at a distance using binoculars or other vision-enhancing devices. Inexpensive, miniature closed-circuit television cameras can be concealed in ceilings, walls or fixtures to observe data entry. To prevent shoulder surfing, it is advised to shield paperwork or the keypad from view by using one’s body or cupping one’s hand.
Secure, the European Association for Visual Data Security, recommends that when you are in a situation with heightened risk, you take steps to protect yourself by angling your screen away from the gaze of other people or by using a privacy screen filter to reduce the visibility of your screen. Secure also recommends that corporate IT security guidance include directions on how to mitigate these threats; this could include the adoption of ISO/IEC 27001. You should also ensure that staff are properly educated about the risks involved in accessing information.
A survey of IT professionals in a white paper for Secure found that:
- 85% of those surveyed admitted to seeing sensitive information on screen that they were not authorised to see
- 82% admitted that it was possible information on their screens could have been viewed by unauthorised personnel
- 82% had little or no confidence that users in their organisation would protect their screen from being viewed by unauthorised people.
The following are simple ways to protect yourself from shoulder surfing when entering or accessing personal data on an electronic device:
- Look for an area where your back is against a wall.
- Invest in a screen filter or protector to reduce the visibility of the display.
- Never give your password or any vital information to anyone.
- Locate a quiet spot away from the crowd.
- Avoid accessing personal accounts in public whenever possible.
What to do if anything goes wrong?
If you have been the victim of shoulder surfing, you will be reimbursed by your financial institution minus a 150 EUR excess (franchise), unless you acted with fraudulent intent or gross negligence.
What is meant by gross negligence?
The following are examples of 'gross negligence':
- noting down your secret code on your card or on a document that is kept together with your card.
- failing to contact Card Stop immediately after noticing that your card has been lost or stolen.
These are just two examples of gross negligence under the law; other facts or customer actions may also be considered gross negligence. This qualification is made on the basis of the actual circumstances taken as a whole.