Credit Card Data Breaches Cost Big Bucks

Javelin Strategy & Research estimates that credit and debit card issuers spent $252.7 million in 2009 replacing more than 70 million cards compromised by data breaches.

In 2009, an estimated 39 million debit cards and 33.3 million credit cards were reissued due to data breaches, for a total of 72.2 million. An estimated 20% of those affected by the breaches had more than one card replaced. I had my MasterCard replaced twice.

Javelin’s survey shows that 26%, or one out of four U.S. consumers received a data breach notification last year from a company or agency holding their personal data, including credit and debit card or checking account information.

What is very interesting is of those notified (which is required by law in most states), 11.5% were victims of identity fraud compared with only 2.4% who weren’t notified.

I’ll say this again and then explain what I think this means. They say a consumer who has been notified that his credit or debit card number was compromised is five times more likely to become a victim of identity fraud than a person who doesn’t get such a notice.

The report’s reasoning behind this is that data breaches lead to fraud. Okay, yes, I’ll agree that data breaches do lead to fraud, and my belief is that the people who were notified simply took a closer look at their statements and recognized unauthorized charges. If they weren’t notified they are no less susceptible to fraud, they are just blissfully unaware they are paying for an identity thief’s Las Vegas bender, and the fraud goes undetected.

DigitalTransactions explains, “Data breaches are one obvious pathway to fraud, but a breach alone doesn’t mean an affected consumer will become an identity-fraud victim. Banks often give free credit-report monitoring services to customers whose data may have been compromised.”

The flaw here is that credit monitoring only makes the consumer aware of new account fraud, when a Social Security number is used to open a new account. Credit monitoring has nothing to do with credit card fraud in which an existing account is compromised. Furthermore, in my experience credit monitoring is hardly ever provided when a credit card number has been compromised. Credit monitoring doesn’t help when an existing account is taken over.

“There’s a disconnect,” Javelin tells Digital Transactions News. Consumers “should pay attention to your credit reports after you’re notified, because you’re more vulnerable.”

Yes, it’s true that if you are notified that your Social Security number has been compromised, you are more vulnerable to fraud, but not more vulnerable to fraudulent charges on an existing credit card, since the bank will replace a card that is known to have been compromised. And monitoring a credit report does nothing to prevent credit card takeover fraud.

The only way to combat credit card account takeover fraud is to pay close attention to credit card statements, while credit reports and credit monitoring are essential to prevent or detect new account fraud.

I recommend checking your credit card and bank statements every day, or at least once a week, from a secure PC.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses credit and debit card fraud on MSNBC. (Disclosures)

Phishing Scam: Using the U.S. General Commander in Iraq as Phish Food

Fishing of course is the sport of tossing a tasty wormy baited hook connected to a fishing line and patiently waiting for a fish to take the bait.

Phishing is the sport of tossing a wormy baited tasty lie connected to a wormy human and the degenerate patiently waits for a naïve victim to take the bait.

A phisher can send thousands of phish emails a day and eventually someone will get hooked.

Phishing is a $9 billion business. Unlike the ongoing depleting of the oceans fisheries, there are PLENTY of people out there to phish. Many of them today are from developing nations like India and China who are just getting a broadband connection to the internet and are considered fresh meat to the bad guy.

The New York Times reports “if you get an Internet appeal from Gen. Ray Odierno, the senior American commander in Iraq, asking you to pay lots of money to get your son or daughter out of combat duty, don’t believe it. And certainly don’t send the $200,000. General Odierno acknowledged that he is but one more victim of a social networking scheme offering a big — but fake — benefit, if you send big amounts of real money.

“I’ve had several scam artists on Facebook use my Facebook page and then go out asking people for all kinds of money: ‘If you pay $200,000, your son can get sent home early,’” General Odierno said at a Pentagon news conference.

Criminals may seek out military families and target them one by one or send a blast to thousands at a time and use a ruse that pulls at the heart strings of unsuspecting families who simply want their loved-one back home.

The General posted a large warning on his social networking site. “I have this big thing on my Facebook that says, If anybody asks you for money in my name, don’t believe it,” he said. “But it’s a problem.”

Frankly, I don’t like the idea of an American General having a Facebook page. It weird’s me out. Hopefully the high commander isn’t uploading pictures of himself doing shots of tequila while driving a tank.

My guess is there is someone out there who has the money and is probably acutely unaware of this type of scam, then is probably capable of getting hooked.  But more than likely nobody will cough up $200,000. But the scammers know to start high and they will go low. They will take a $1000.00 when it comes down to it. But they also know that people won’t argue with a General and nobody will “discount” the value of their loved-ones life. So overall it’s a pretty good scam. Just don’t take the bait.

Robert Siciliano personal security expert to ADT Home Security Source discussing Facebook scams on CNN. Disclosures.

Summer Heat: Online Dating Scams

Love online. 20 years ago it wasn’t even a thought. 10 years ago it was weird. 5 years ago it was new and exciting. Today it’s as normal as milk and bread. If you are looking for a mate online you will eventually hit pay dirt. Most of my friends who tried it, succeeded at it.

When anything technology gets to the “normal stage” that’s also when scammers are well dug in. Scammers are usually much more ahead of the curve. When it was weird, they paid attention and the ones that had the foresight scammed, but when it was hot, they were figuring out all the different ways to pull the wool over their victim’s eyes and getting good at it. They ramped up and were beginning to perfect their craft.

Today, it’s a full time job for them. They know all the new scams and get better at revisiting the old ones.

Recently I signed up for a particular social network so nobody else would take my name. I was immediately contacted by a woman who enjoyed my profile on the social network. Problem was I hadn’t really set up my profile. But she liked it nonetheless.

So I responded “Thanks!” Then, she started to write me every day, and would put lots,and,lots of commas,in her sentances. Her spelling socked and HER capiTal leTTers were all,over,the,place. Plus,The spacing,    of her,words was weird,and from experience,dealing with scsammers,overseas I could tell,she didn’t really,like,my,profile. She wasn’t really a she, But a he, probably named Zambabooboo.

After communicating with “her” for 2 days she was talking love and marriage. After 4 days she wanted desperately to see me. On the 7th day she asked me for money for a plane ticket so she could come see me. I declined.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. See him discussing Safe Personal Dating on Tyra.

For more information see Intelius at Sex Offender Check and Date Check to reduce your chances of encountering a bad guy. (Disclosures)

Youngsters Put Art into Crime Fight

We’ve heard it a thousand times, “Children are the future.If we hope to solve the world’s major problems — achieving world peace, healthy lives, economic development, and global sustainability — we must provide richer learning opportunities for the world’s children. An educated and creative population is, without a doubt, the best path to global health, wealth, and peace. MIT.

Children have been learning about crime prevention by taking part in a police poster competition. A neighborhood police team fostered an anti-burglary message that will be on display in their community.

Their Sergeant stated: “We launched this competition at the school last month as a way of increasing awareness of the simple measures people can take to protect their home from burglary. We were delighted with the standard of entries and hope that the children will be able to pass on to their parents all the tips they have learnt and used in the posters.”

Brilliant! Children teaching parents. Children often display a very intuitive common sense to issues that parents sometimes complicate. They see things as they are opposed to whatever blinders or filters parents see through due to life experience, or life’s baggage.

“The winning posters will be used in the local community so you will soon see them in places like the library and shops.”

Traveling though Logan Airport in Boston I was drawn to a similar campaign that involved drug and violence prevention education. Children expressed what they viewed in their local communities as penciled and water colored art.

Consider this kind of strategy to bring attention to personal security in your community.

Keep in mind too, children may not always have the answers. Today, a 4 year old I know and love when asked if she wanted a banana for breakfast responded “Its foggy today, I don’t like bananas on foggy days.” Or maybe she knows something I don’t.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Security on NBC Boston. Disclosures.

Online Dating Liar Liar is 5’4, not 5’10

But who cares? Apparently the dude with the 6 inch height difference did. And he figured the lady he was about to meet via chatting in an online dating service cared as well. Maybe she did, maybe she didn’t. Either way he started out in the relationship lying.

Many single people have been turning to the Internet for dating services. You can meet someone with the same interests, hobbies, and lifestyle. Dating services allow you to browse profile pages to shop for a potential mate while chatting it up with potential dates. In the process you are selling yourself as they are deciding whether to buy. And like a car on a “preowned” lot that was recovered from the waters of hurricane Katrina, the truth is often suppressed. .

But what happens when you decide to meet someone and you begin to discover little white lies? Realize that little white lies are often a front for big darker lies.

What else is this person hiding?   Are they married, have kids? Gone bankrupt, been arrested for violence? Or are they a registered sex offender? Are they unemployed when they said they have a job?

Sometimes the truth hurts and people innocently choose to adopt the “what they don’t know won’t hurt them” philosophy and simply don’t cough up the truth. Nothing good can come of this. This is why it is essential that you do your homework and find out as much about this person as possible to head off any potential heartaches.

Much of what you need to know about your new encounter can be found by doing a quick and easy background check. But don’t stop there. Google them, check out their Facebook page and dig as deep as you need to verify as much as possible to determine if their nose is growing.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. See him discussing Dating Security on E! True Hollywood Stories.

For more information see Intelius at Sex Offender Check and Date Check to reduce your chances of encountering a bad guy. (Disclosures)

Sex Offender Sets Up Facebook Page Looking For Love

A sex offender, who spent 11 years in a court-ordered treatment program to rehabilitate him, is looking for a relationship via Facebook.

Facebook is approaching the 500 million member mark worldwide. Chances are there are a few sex offenders in there somewhere. I’d guess anywhere between 1 and 3 percent have a penchant for violating another persons sanctity. Statistically out of the 300 million people in the U.S., there are 500,000 registered sex offenders. Of those registered, thousands more aren’t and many haven’t been caught. You do the math.

He’s 29, so he was in detention since he was 18. His mom must be proud. He was found guilty of sexually assaulting girls. If I was one of the girl’s dads I’d be “friending” this dude to know what he is up to.

He has now set up a Facebook page, with a picture of pop singer Pink, in a bid to date women. Sounds like a real interesting guy.

The Herald Sun pointed out that 3 of his 12 online friends have profile photographs on his page which include children. Just ducky.

Be careful who you friend. They really are out there. Living breathing whacky predators.

Robert Siciliano is a Personal Security Expert and Adviser to Intelius.com. See him discussing Sex Offenders on Fox Boston.

For more information see Intelius at Sex Offender Check and Date Check to reduce your chances of encountering a bad guy. (Disclosures)

Crime Prevention: Sheriff Offers Variety of Security Programs

Talk about proactive law enforcement. The Clay County Sheriff’s Office in Jacksonville Florida area will help residents “burglar proof” their homes, offers a vacation house watch program and will make presentations on a variety of crime prevention topics. The Sheriff’s Office Community Relations Section will send a deputy sheriff to your home at a specified date and time to conduct a burglary prevention survey. These deputies have been specially trained to assist residents in making their homes much safer places to live, according to the release.

Now that’s exactly what every municipality on the planet should require of their law enforcement. Many do, but with budget cuts etc, programs like this often suffer.

Check this out; they have a “House Watch program. A deputy will check your home daily when you are out of town or on vacation. That’s a first! I’ve never seen an official declaration of the local law offering it up in this way.

They also give presentations on the following topics:

Starting a neighborhood watch program.

Reporting a crime: My guess is what to look out for and how to document it.

Computer Safety: Certainly how to keep kids safe.

Computer Crimes: This is probably preventing viruses, hackers etc.

Robbery Prevention: When thugs use guns at convenient stores, gas stations etc.

Burglary Prevention: Home safety tips, Home security alarms etc.

Auto / Vessel Theft Prevention / Boating Safety

Child Safety / Stranger Danger Presentation

Bicycle Safety / Rodeo

Holiday Safety

Residential Crime Survey

Commercial Crime Survey

This just warms the cockles of my heart. If I was you I’d print this out and take it directly to your local police and ask them what they are doing that might meet or beat the offering in Clay County. This is a fantastic way to foster safety and security in any city or town.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Invasions on Montel. Disclosures.

How Secure Are You And That ATM Transaction?

ATM fraud is more common and likely than a crime committed directly against customers who are in the process of attempting to withdraw cash from the machines, according to NetworkWorld.

When studying “emergency PIN technologies” they state fraud was one of the few concrete conclusions from a report about the use of emergency technology at ATMs issued by the Federal Trade Commission.

Meanwhile reports indicate that thieves used “skimmer” devices to steal $217,000 from Long Island Banks between April and the end of May 2010. Banking information was then re-encoded onto the magnetic strips of blank gift cards. Investigators report that the thefts occurred in Suffolk County, N.Y. They estimate that between 100 and 200 accounts may have been cloned.

The ATM is all about quick easy cash. In the world of technology, when “quick” is paired with “easy” there is a sacrifice made in regards to security. Security is often slow and difficult and most people won’t sacrifice convenience for personal security.

Certainly there is a degree of security in ATMs, but to make them fully secure requires the end user to do more, and unfortunately users often don’t have the ability to jump through all the hoops security requires.

However by understanding some of the risks and incorporating some security tips you can protect yourself.

Always be vigilant when you are at an ATM. Look around the perimeter of the kiosk and beware of anyone paying unwanted attention. If someone is “lurking” they could be waiting to pounce or are shoulder surfing to get your PIN code.

Choose a PIN that’s not easily guessed but can be quickly entered.  Consecutive numbers or the same numbers is never a good idea. Often new ATMs won’t allow you to choose a “soft” PIN anyway.

Don’t ever let anyone help you at an ATM. It’s hard to envision what kind of scenario might involve another person intervening at an ATM. But consider this: Your card gets stuck, someone graciously peeks their head over your shoulder to help. They unstick your card and help you finish the transaction. In the process they got your PIN and swapped your card with another.

In another example two women picked up drunk guys from bars who were waiting for a cab and persuaded them to pull money out of their ATMs while they watched for the PINs. Once they got back to the car one, while making out with him, would pick his pocket and hand off the card to the friend.

Beware of ATM skimming and be able to recognize what an ATM skimmer looks like. Here are some excellent pictures of a well made covert skimming device attached to the face of an ATM. You really need to look for it to recognize it. Not all are as well crafted, but some are very good. ATM skimming of course is when the information on the back of your card is “skimmed” and the criminal then burns the data onto another card and makes withdrawals.

They may have also installed a camera behind a brochure holder, speaker, mirror or in a light bar. If you ever get a vibe that something doesn’t feel right, just leave. Always shield the ATM keypad with your second before entering your PIN.

Meanwhile Romanian Police raided 38 locations and arrested five fraudsters allegedly part of a card cloning gang. Those detained face accusations of being members of an organized crime group, unauthorized access to a computer system, possessing card-cloning equipment, access device fraud and distributing fake electronic-payment devices. Based on this video, they didn’t get a whole lot of equipment but confiscated some cash.

To help combat this type of crime, ADT unveiled the ADT Anti-Skim ATM Security Solution, which helps prevent skimming attempts and detects skimming devices on all major ATM makes and models.

ADT’s anti-skim solution is installed inside an ATM near the card reader, making it invisible from the outside. The solution detects the presence of foreign devices placed over or near an ATM card entry slot, without disrupting the customer transaction or operation of most ATMs. It can trigger a silent alarm for command center response and coordinate video surveillance of all skimming activities. Also, the technology helps prevent card-skimming attempts by interrupting the operation of an illegal card reader.

This technology does not require any software adjustments be made to the ATM itself, and does not connect to or affect the ATM communications network. Prior to its North American introduction, the ADT Anti-Skim ATM Security Solution was successfully field tested on dozens of ATMs of four major U.S. financial institutions in controlled pilot programs. Testing pilots yielded positive results, with no known skimming compromises occurring.

Robert Siciliano personal security expert to ADT Home Security Source discussing ATM skimming on Extra TV. Disclosures.

Replacing Stolen Passports and Credit Cards

Travel season is upon us. Summertime is all about exploring new and exciting places. It’s the season of planes, trains, automobiles and…criminals. When you are out of your element and unsure of your surroundings, you are at a higher degree of risk. Travelers need to be on high alert for property crimes and identity theft.

Years ago, before my wife was my wife, she was traveling in Spain. She got off the plane, headed for the rental car terminal, rented her car, and drove off the lot. At the first stop sign, a man knocked on her passenger window and pointed, saying, “Tire, tire.” She put the car in park and walked over to the passenger side. The tire was fine and the man was gone. So she got back in the car and found that her purse had disappeared from the front seat. Her driver’s license, passport, cash, and credit cards were all gone. What a nightmare! When she went to the police, they asked, “Were you a victim of the flat tire scam?”

You’d think the rental car agency could have warned her. But the lesson here is that you cannot rely on others to protect you. You are ultimately responsible for your personal security.

Fortunately, she is a resourceful person and was able to handle the crisis quickly and efficiently. If your passport is ever lost or stolen in a foreign country, you can apply for an emergency replacement at the nearest embassy. Generally you’ll need to show up in person, and it helps to have a traveling companion to vouch for you. The embassy will need to see some type of verification of your identity, and they’ll likely request a copy of the police report.

When traveling, consider carrying your essential documents in a money belt or one that hangs from a lanyard around your neck, hidden under your shirt. You should always carry photocopies of your identification, but they won’t do you any good if they’re stored in the same purse that was just snatched from your rental car. One smart option is to scan all your pertinent documents in full color and upload them to a secure web-based encrypted digital vault. Some of these services are free, while others charge a small fee. In a pinch, you can download the necessary document from any computer with Internet access, and print a new copy.

For more information on coping with a lost or stolen password, see this list of frequently asked questions.

A lost or stolen credit card requires a different course of action, and its effectiveness largely depends on your preparation. Before traveling, call your card issuer and inquire about their policy for replacing a card. Pack a copy of your credit card that includes the front and back impression. If your credit card is lost or stolen, call the issuer and cancel the card as quickly as possible to mitigate any losses. In the best case scenario, the company should issue a replacement card and ship it overnight at no charge. Most card issuers will accommodate you, and if you find out ahead of time they won’t, find another card issuer.

In an emergency, you can always ask a friend or family member to wire you money. When a U.S. citizen encounters an emergency financial situation abroad, the Department of State’s Office of Overseas Citizens Services (OCS) can establish a trust account in the citizen’s name to forward funds overseas. Upon receipt of funds, OCS will transfer the money to the appropriate U.S. embassy or consulate for disbursement to the recipient. The State Department’s travel website offers more details on emergency money transfers.

And always be sure to carry some spare cash. Tuck it in that money belt so even if your purse or wallet is stolen, you’ll be in good shape.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses travel security on Fox News. (Disclosures)

Burglary Deterred with DNA Technology

This is very cool. In the UK in a town called Halton, break-ins have dropped dramatically.

Burglaries in homes and businesses are down by almost 70 percent, compared with the same time last year. That’s an incredible reduction in crime.

People are feeling safer and local law enforcement and the citizens are taking back control of their neighborhoods. It all began with a concerted effort and an “I’m not going to take it any more” attitude.

The effort became a success when home security training along with special DNA water was distributed to more than 4,000 homes and many more businesses during the past year.

Local officials got together with the Police, Fire and Rescue, Probation Service, Youth Offending Teams, Housing Trust, Landlords, Chamber of Commerce, and Neighborhood Management to co-ordinate the campaign.

Effective safety and security tips and education revolves around informing people on proper locking of doors and windows, giving their homes a lived in look, closing blinds and cutting up boxes when high end items are purchased. Most important is installing multiple layers of security including home security alarms, security cameras and additional signage alerting burglars to the security of the dwelling.

One interesting solution they used was something called SmartWater anti-burglary solution. This is a special liquid which can mark high value property with a unique DNA code. It is virtually impossible to remove and shows up under UV light. Experts say no two SmartWater systems have the same forensic code so every house or business can protect their property with their own individual identification.”

How crazy is this: a spray system activated by intruders will immediately link the offender to the scene of the crime through a DNA code.

When all the officials got together and alerted everyone, I’m sure burglars also got word that they’d be identified and caught when breaking into a house. Getting caught is often an effective deterrent. That’s what an alarm does too.

Robert Siciliano personal security expert to ADT Home Security Source discussing Home Security and Identity Theft on TBS Movie and a Makeover. Disclosures.