medalAs we’ve witnessed at the 2014 Olympics in Sochi, Russia, it is possible to be a winner without even winning a medal!  There are so many inspiring stories about athletes from all over the globe who passionately sacrifice years and time and money for the chance to compete in the Olympics.  With little chance to win any medal, these athletes still train hard and compete, giving their personal best. Without winning any medal, there are many winners – in the best sense.

Unfortunately, there are competitions where “winning” does not make a “winner”– in the best sense.  In fact winning can be evidence of not trying, of not doing the right thing, of not giving personal best. Here are two painful examples where winning is not done by winners and winning is not a cause for national pride…  And for my fellow American readers, this one is for US…

2013 Global “Spampionship”

Sophos Labs, a developer and vendor of security software and hardware headquartered in Boston and Oxford, UK, recently released its “Dirty Dozen” list – the top 12 spam producing countries for 2013.

And the Winner is — “the USA which earned the league’s top spot, generating 14.5 percent of the total spam volume sent during the last quarter of the year, giving it a clean sweep of top finishes for 2013. However, the gap to second place narrowed, with China re-emerging as a major player in the spam sending Dirty Dozen, leaping from 4.6 percent to 8.2 percent, while Russia’s spam contribution edged up from 3.0 percent in Q3 to 5.5 percent in Q4.” *

And how did the US win the “gold” as the country that generates the most spam?  Mostly by not trying – by not doing all the right things.


US Wins the Global Daily Credit Card Fraud Competition

With only 25% of the global daily credit card transactions, the US accounts for a whopping half of the total daily global fraud activity!  That’s a blush causing percentage for a country that is supposed to be the world’s technology leader and a trusted haven in cyber darkness.

How did the US win this inglorious “competition”?  Well, it appears one more time that the US achieved this unsavory “win” by using a strategy of not doing the right things.

The Right Things

If the common thread of these tarnished wins is not doing the right things, then it seems reasonable that doing the right things is key to relinquishing these dubious titles.  So, what are the right things?


In the case of spam, it is important to understand that spam is sent out by computers, not by countries.

The computers that send spam are unprotected, infected computers that have silently become part of botnets – zombie armies controlled by botnet managers to accomplish cyber-crime.  As the top spamming country, the US essentially has the most infected computers!  This is not a cause for pride!

There is no excuse for this situation since there are so many effective, free anti-virus and malware programs available for home users.  Corporate computers are not exempt from blame either; if there is not a corporate IT attitude of making computers on networks bulletproof with the best ongoing security practices, then those computers can be dangerous as well.

The right thing in the case of spam is to be sure your computer is protected with current, daily updated and effective anti-virus and malware protection.  Run a boot-time scan if your anti-virus program can do so; or at least run a regular full scan.  Get a good malware protection program and regularly run a full scan with that.  Get informed.  Ask questions from qualified professionals who are informed about today’s security practices.

The right thing to do to help your country lose the gold as top spamming country is to protect your computer and keep it secure.  The right thing is to help stop cyber-crime by not contributing to it with an infected, zombie computer.

Credit/Debit Card Fraud

Currently the US uses “sign and swipe” technology for credit/debit cards.  This is an “old” technology developed in the 1960s by IBM as a security pass card.  Ironically, today this technology lacks security.   We continue to use the “sign and swipe” cards only because they are convenient to use and cheap to produce.  What we continue to ignore is that this 50 year old technology is very easy to counterfeit and breach.  It is this choice of profit over security that keeps the US in the top fraud producing spot.

What would be the right thing to do at this point?  The easy answer is to get a more secure technology.  France has been using one since 1992, believe it or not – the EMV “chip and pin” type card. describes the card:  It’s a credit card that ”utilizes multiple layers of security – including a computer chip in each card that stores and transmits encrypted data, as well as a unique identifier that can change with each transaction. Cardholders also enter a PIN to authorize transactions. Total fraud losses dropped by 50 percent and card counterfeiting fell by 78 percent in the first year after EMV smart cards” were introduced there.  That sounds like it was the right thing to do.

In fact, 22 years later, the US is now considering this European technology.  Visa and MasterCard have set rollout dates for this type card by October, 2015.   However, costs and lack of clarity about who assumes liability when a breach occurs seems to underlie reluctance to adopt better technologies — the same old same old that keeps the US as the gold standard for fraud.   Oh, did you catch the wording, “when” not “if” a breach occurs?   We have to do better!!

And, we can do better!  We can all make choices to be informed and to do the right things…   If we do, we can all be winners — in the best sense.