Standards Will Bring Mobile Payment

Mobile payment has been around for years in numerous forms, for purchases such as music downloads, ringtones and various other services, and it is now gaining traction for retail purchases in the U.S. But implementation in the U.S. has been somewhat slower because payment methods are not standardized and because of overall security concerns about mCommerce. Some U.S. consumers have had bad experiences with criminal hacking and data breaches and are concerned about their security. They are waiting for the handset manufacturers (those who make the phones), mobile carriers (those who provide mobile service) and third-party technology providers (those who make the technology facilitating financial transactions) to agree on standards that lead to more secure transactions.

However, in Japan and South Korea, for example, mobile penetration has been much higher for many years, and many people do not own and have never owned PCs (or been hacked), as they function purely from mobile devices. Security hasn’t been as much of a concern. It’s a perfect example of “ignorance is bliss.”

Consumers in the U.S. overwhelmingly want mobile payment. A recent study by Mobio showed “49 percent of Americans said they’ve used their mobile phones to make a payment or purchase in the past three months. And 77 percent of the 1,085 respondents in North America said they would be interested in using their mobile phones to make a payment or purchase. The response was higher — 84 percent — in the 35 to 44 year old age group and among Canadians (86 percent versus 72 percent of U.S. respondents).”

Near Field Communication (NFC), the engine behind mobile payments, comes in a variety of forms, and multiple players are trying to make theirs a standard. Bank Systems Technology reports that the disagreements involve banks, credit card companies and third-party technology providers all coming together with mobile carriers. The mobile carriers want to control near-field communication and mobile payment fees by maintaining control over the phone’s payment technology, which contains their users’ credentials. Mobile carriers see the devices they support as revenue generators that should grant them per-transaction mobile payment fees.

Meanwhile, consumers crave mobile payment and must adapt until the big guys fight it out to see who ends up top dog. However, because there is a relatively low security risk in mobile payment, consumers stand to benefit by trying out and adopting the various methods presented. I’m frequently using 2-3 methods, such as the PayPal app, which allows me to send and receive payments, and Square, which allows me to make and receive credit card payments on the spot. I find both convenient and fun!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto.

Device Intelligence Helps Stop Scammers Targeting Social Media Sites

We’ve heard this story before, but unfortunately it happens over and over again. Social media and dating sites are overrun with criminals who pose as legitimate, upstanding individuals, but are really wolves in sheep’s clothing.

In Florida, a man named Martin Kahl met a 51-year-old woman and they developed an online romance. A quick search for the name “Martin Kahl” turns up many men with the same name and no obvious signs of trouble.

This particular Martin Kahl told his online girlfriend that he would soon be working in Nigeria (red flag) on a construction project, but a short time later he informed her that the job had fallen through. He cried poverty and asked her to send him money, which she did.

(If there are people in your life who might be prone to falling for a scam like this, please reel them in immediately. Any of their financial transactions ought to require a cosignatory.)

Anyway, during their affair, Kahl claimed he had been arrested (red flag) on some bogus charge, and requested that the woman bail him out to the tune of $4,000, which she most likely paid via money wire transfer (red flag).

All told, she sent the scammer at least $15,000 during their relationship. Sadly, social media sites can do more to protect their users, and should take advantage of information that readily exists for them to use: the known reputations of over 650 million devices in iovation’s device reputation knowledge base. Computers that are new to these social networks dealing with scammers and spammers are rarely new to iovation. They have seen these devices on retail, financial, gaming or other dating sites and will help social sites know, in real time, whether to trust them.

In the case above, the phone numbers used in the scam were traced overseas. The computer or other device the scammer used to go online could surely also have been traced overseas and could have been flagged for many things: hiding behind a proxy, creating too many new accounts in the social network, device anomalies such as a time zone and browser language mismatch, past history of online scams and identity theft, and the list goes on. Scammers in countries such as Ghana, Nigeria, Romania, Korea, Israel, Colombia, Argentina, the Philippines, or Malaysia conduct many of these scams, spending their days targeting consumers in the developed world.

Social media sites could protect users by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360.
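The signals listed above (proxy use, too many new accounts, a time zone and browser language mismatch, prior abuse history) can be combined per device. The sketch below is an added example, not code from the original post or from iovation; the device IDs, thresholds, offset table and shared-history store are all constructed assumptions.

```python
"""Rule-based device risk check using the signals the article lists (illustrative)."""
from collections import defaultdict

# Assumption: UTC offsets (hours) considered plausible for a browser locale.
LOCALE_OFFSETS = {"en-US": range(-10, -3), "en-GB": range(0, 2), "de-DE": range(1, 3)}
MAX_NEW_ACCOUNTS = 3  # hypothetical per-device threshold

# Constructed shared history: device ID -> abuse reports from other sites.
SHARED_HISTORY = {
    "dev-a91": [("dating-site", "romance scam"), ("retail-site", "identity theft")],
}

# Constructed signup events as seen by one social site.
EVENTS = [
    {"device": "dev-a91", "account": "acct-1", "proxy": True, "locale": "en-US", "utc_offset": 1},
    {"device": "dev-a91", "account": "acct-2", "proxy": True, "locale": "en-US", "utc_offset": 1},
    {"device": "dev-a91", "account": "acct-3", "proxy": False, "locale": "en-US", "utc_offset": 1},
    {"device": "dev-a91", "account": "acct-4", "proxy": True, "locale": "en-US", "utc_offset": 1},
    {"device": "dev-c07", "account": "acct-9", "proxy": False, "locale": "en-US", "utc_offset": -5},
]


def assess_devices(events, history, max_accounts=MAX_NEW_ACCOUNTS):
    """Group events by device and return a decision plus the reasons behind it."""
    by_device = defaultdict(list)
    for ev in events:
        by_device[ev["device"]].append(ev)

    results = {}
    for device, evs in by_device.items():
        reasons = []
        if any(ev["proxy"] for ev in evs):
            reasons.append("proxy")
        if len({ev["account"] for ev in evs}) > max_accounts:
            reasons.append("too_many_accounts")
        for ev in evs:
            expected = LOCALE_OFFSETS.get(ev["locale"])  # unknown locale: no verdict
            if expected is not None and ev["utc_offset"] not in expected:
                reasons.append("timezone_language_mismatch")
                break
        # A device new to this site may already be known elsewhere.
        if history.get(device):
            reasons.append("prior_abuse_reports")

        if "prior_abuse_reports" in reasons or len(reasons) >= 2:
            decision = "deny"
        elif reasons:
            decision = "review"
        else:
            decision = "allow"
        results[device] = {"decision": decision, "reasons": reasons}
    return results


if __name__ == "__main__":
    for dev, verdict in assess_devices(EVENTS, SHARED_HISTORY).items():
        print(dev, verdict)
```

A single weak signal only routes the device to manual review; a deny needs either prior abuse reports or two independent signals.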

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Dating Security on E! True Hollywood Stories.  Disclosures

Illegal Alien Steals Identity, Becomes Cop

In a story that could have come right out of a movie, a widely respected police officer turned out to be a Mexican national who stole an American identity and moved to Alaska to become a cop. I’ll bet Sarah Palin didn’t see this one coming.

Fox News reports that the identity thief had been employed as an Anchorage police officer using his assumed name since 2005. Police and federal prosecutors said he didn’t have a criminal record. He does now!

“Federal agents processing a renewal request for his passport discovered the alleged fraud. He was arrested Thursday after authorities searched his home and found documents confirming his true identity, officials said. The passport fraud case is similar to one involving a Mexican national who took the identity of a dead cousin who was a U.S. citizen in order to become a Milwaukee police officer in 2007.”

Crimes like this are possible because citizens have yet to be identified effectively and reliably. We are identified solely by paper documents and photographs, and our Social Security numbers are our primary identifying account numbers.

All an identity thief needs is your Social Security number, which they can use to apply for additional documentation and, eventually, a passport or driver’s license in your name. Once they begin this process they will also apply for credit under your name and, in most cases, ruin your credit history.

You will not know someone has obtained a passport or driver’s license under your name until there is a problem, unless perhaps a red flag pops up when renewing your identification. But by then, whoever has obtained identification in your name will probably have run up unpaid credit card bills in your name, too. That’s where identity theft protection comes in.

McAfee, the most trusted name in digital security, includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues. For additional tips, please visit CounterIdentityTheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss illegal immigrant identity theft on Fox News. (Disclosures)

Victim Jumps from Second Floor in Home Invasion

In Illinois, in an apartment building that just happens to be within yelling distance of a police station, a man jumped from his second-floor window screaming for help. Fortunately, the police were able to catch the two guys who invaded his apartment.

Apparently he didn’t have a home security alarm system, which is an option in an apartment and something to consider.

Two men kicked in his door, threatened the man with a gun and proceeded to tie him up. When they left to kick in the door of another apartment, he was able to break free, and that’s when he jumped.

I’ve often thought of what my response would be in a situation like this as my home has multiple floors. As a result I’ve taken my wife floor to floor and discussed the possibilities of escape and the logistics involved.

Jumping from a second-floor window or porch certainly could kill you. So can falling off a chair you might be standing on to water plants. However, a second-floor window in most cases won’t be much higher than 20 feet, and faced with a gun or a knife wielded by a violent home invader, jumping 20 feet was definitely an option for this guy.

On houses with porches that have poles and posts, climbing down may be a consideration for a resident who is adept at climbing.

The safest and most recommended option is a fire escape ladder. I own a 25-foot, three-story fire escape ladder with anti-slip rungs that can hang out a window.

It’s in my closet in case of fire or a home invasion and hopefully I never have to use it.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News. Disclosures

Disclosing Data, Despite Breaches

The ticker tape of data breaches in the last few months has been astounding. Many have called 2011 “The Year of The Hacker” and that prognostication has rung true, without question. Halfway through the year, data breaches are an incessant news story.

And despite the constant stream of bad news, consumers continue divulging a tremendous amount of data to retailers, auction sites, dating sites, and gaming sites. While awareness of fraud and cybercrime is at an all-time high, consumers seem to feel they don’t have much of a choice but to provide all their data.

People have grown to love the Internet and all the conveniences it offers, both commercially and socially. In my household, little people under five years old whack away at online iPhone games, never knowing what it’s like not to have the Internet.

Many seem to feel that their privacy is the price they must pay for all this connectedness and convenience, and are even willing to put their personal security at risk in exchange.

Scammers know and are capitalizing on this. There isn’t an online gamer, dater, social networker, or consumer today who isn’t at some level of risk.

While all necessary defenses must be employed to prevent hackers from compromising data, an additional layer of protection should be implemented to keep them off websites in the first place.

Every one of these platforms would do well to stem the tide of fraud by incorporating device reputation. One anti-fraud service offering fast and effective results is iovation’s ReputationManager 360. This service incorporates device identification, device reputation, and real-time risk profiling. Hundreds of online businesses prevent fraud and abuse by analyzing the computer, smartphone, or tablet connecting to their websites, and with iovation’s service, they stop 150,000 online fraudulent activities each day.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses another data breach on Good Morning America. (Disclosures)

Hacking Voicemail is Scary Easy

Imagine someone jeopardizing your home security system by hacking your phone’s voicemail. There’s been a widely reported story of a British tabloid newspaper accused of accessing voicemail messages of murder victims, government officials, celebrities and possibly victims of the 9/11 terrorist attack.

The story broke in response to the tabloid’s manipulating the voicemail of a 13-year-old girl who was a murder victim and of soldiers who fought in Iraq and died. The FBI is apparently investigating.

It seems there is a flaw in many telecom systems that allows a snooper to check a target’s voicemail as long as the voicemail system believes the call is coming from that person’s caller ID.

Snoopers can access ready-made hacking scripts online to perform these tasks or simply enlist one of many “caller ID spoofing” services. These services allow anyone to make a call to any number and trick the voicemail system into believing the call is coming from the voicemail’s intended account holder.

Once the voicemail is accessed, the caller may not need a PIN, or access may be granted via default passwords like 1111 or 0000. When the voicemail system receives a call it thinks is coming from the correct phone number, spoofed via caller ID, it automatically trusts it.

The quickest fix to protect voicemail is to make sure your voicemail requires a PIN, especially when you call it from your own phone. And make sure that PIN isn’t a default PIN or one that is easily guessed.
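The difference between the flawed behaviour and the fix can be stated as two access policies. This is an added example, not code from the original post or from any carrier's system; the mailbox numbers are constructed, and the weak-PIN rules beyond the defaults 0000 and 1111 named above are assumptions about what "easily guessed" means.

```python
"""Voicemail access policy: caller-ID trust versus PIN-always (illustrative)."""
import hmac
from dataclasses import dataclass
from typing import Optional

DEFAULT_PINS = {"0000", "1111"}  # the defaults named in the article


@dataclass
class Mailbox:
    number: str          # subscriber number (constructed sample values only)
    pin: Optional[str]   # None means no PIN was ever set


def is_weak_pin(pin: Optional[str], number: str) -> bool:
    """Assumed rules: missing, short, default, repeated, sequential, or number suffix."""
    if pin is None or not (pin.isascii() and pin.isdigit()) or len(pin) < 4:
        return True
    if pin in DEFAULT_PINS or len(set(pin)) == 1:
        return True
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):  # runs such as 1234 or 4321
        return True
    return number.endswith(pin)


def legacy_access(mailbox: Mailbox, caller_id: str, entered_pin: Optional[str]) -> bool:
    """Flawed policy described above: a matching caller ID counts as authentication."""
    if caller_id == mailbox.number:
        return True  # caller ID is asserted by the calling side, not verified
    return mailbox.pin is not None and entered_pin == mailbox.pin


def hardened_access(mailbox: Mailbox, caller_id: str, entered_pin: Optional[str]) -> bool:
    """Fixed policy: caller ID is ignored, a PIN is always required, weak PINs are refused."""
    if is_weak_pin(mailbox.pin, mailbox.number):
        return False  # mailbox must get a new PIN before remote access works
    if entered_pin is None:
        return False
    return hmac.compare_digest(entered_pin.encode(), mailbox.pin.encode())


if __name__ == "__main__":
    box = Mailbox(number="15555550123", pin="7391")
    print("legacy, matching caller ID, no PIN:", legacy_access(box, box.number, None))
    print("hardened, matching caller ID, no PIN:", hardened_access(box, box.number, None))
    print("hardened, any caller ID, right PIN:", hardened_access(box, "15555550999", "7391"))
```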

Robert Siciliano personal and home security specialist to Home Security Source discussing mobile phone spyware on Good Morning America. Disclosures.

Home Invasion Murder Happens Close to Home

All this scribbling I do about home security cameras and home alarm systems is actually part of a business I run so it requires me to have an administrator to perform certain duties that she’s better at than I am. Earlier this week I reached out to her via text and briefly she wasn’t responding.

Then I get this text: “I’m in New Hampshire at a friend’s. My girlfriend was murdered Saturday night by her fiancé’s son. Then he shot himself. The kid that killed her broke into the neighbor’s house and tried to shoot him”

Eeesh. When people hear these stories happening in their backyard they say “I just didn’t think it would happen here”, whereas I expect it, and so does my admin.

Reports say police responded to a call about a home invasion at 5 a.m. on a Sunday. The neighbor whose home was invaded got a knock on the door and opened it to an 18-year-old sticking a shotgun in his face. He pulled the trigger and the gun misfired. The father ran off to get something to defend himself with and the intruder fled.

This was after he killed his father’s fiancée. Man O’ man. Just like that a 41-year-old mother of 3 is dead because of a young man’s actions. Nobody will ever know why he did it. But there were probably signals leading up to it.

On its website, the CDC states: “Violence is a serious public health problem in the United States. From infants to the elderly, it affects people in all stages of life. In 2007, more than 18,000 people were victims of homicide and more than 34,000 took their own life.”

People who act out in extreme violence like this often say and do things prior to the event over the course of days/weeks/months/years that indicate they will eventually unravel and hurt someone. Some reports say the teen was quick to anger, that he wasn’t someone you messed with. While that’s not enough to go on, it can be considered a red flag.

Visit the CDC for more information.

Robert Siciliano personal and home security specialist to Home Security Source discussing ADT Pulse™ on Fox News Live. Disclosures

15 Social Media Security Tips

1. Realize that you can become a victim at any time. Not a day goes by when we don’t hear about a new hack. With 55,000 new pieces of malware a day, security never sleeps.

2. Think before you post. Status updates, photos, and comments can reveal more about you than you intended to disclose. You could end up feeling like some silly politician as you struggle to explain yourself.

3. Nothing good comes from filling out a “25 Most Amazing Things About You” survey. Avoid publicly answering questionnaires with details like your middle name, as this is the type of information financial institutions may use to verify your identity.

4. Think twice about applications that request permission to access your data. You would be allowing an unknown party to send you email, post to your wall, and access your information at any time, regardless of whether you’re using the application.

5. Don’t click on short links that don’t clearly show the link location. Criminals often post phony links that claim to show who has been viewing your profile. Test unknown links at Siteadvisor.com by pasting the link into the “View a Site Report” form on the right-hand side of the page.

6. Beware of posts with subjects along the lines of, “LOL! Look at the video I found of you!”  When you click the link, you get a message saying that you need to upgrade your video player in order to see the clip, but when you attempt to download the “upgrade,” the malicious page will instead install malware that tracks and steals your data.

7. Be suspicious of anything that sounds unusual or feels odd. If one of your friends posts, “We’re stuck in Cambodia and need money,” it’s most likely a scam.

8. Understand your privacy settings. Select the most secure options and check periodically for changes that can open up your profile to the public.

9. Geolocation apps such as Foursquare share your exact location, which also lets criminals know that you aren’t home, so reconsider broadcasting that information.

10. Use an updated browser. Older browsers tend to have more security flaws.

11. Choose unique logins and passwords for each of the websites you use. I’m a big fan of password managers, which can create and store secure passwords for you.

12. Check the domain to be sure that you’re logging into a legitimate website. So if you’re visiting a Facebook page, look for the www.facebook.com address.

13. Be cautious of any message, post, or link you find on Facebook that looks at all suspicious or requires an additional login.

14. Make sure your security suite is up to date and includes antivirus, anti-spyware, anti-spam, a firewall, and a website safety advisor.

15. Invest in identity theft protection. Regardless of how careful you may be or any security systems you put in place, there is always a chance that you can be compromised in some way. It’s nice to have identity theft protection watching your back.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss social media scammers on CNN. (Disclosures)

 

Make Criminals Cry UNCLE

A neighborhood crime watch, also called a crime watch or neighborhood watch, is an organized group of citizens devoted to crime and vandalism prevention within a neighborhood. A neighborhood watch may be organized as its own group or may simply be a function of a neighborhood association or other community association.

In South Carolina a group of concerned citizens created a crime watch organization called UNCLE. That stands for United Network of Communities on Law and Enforcement.

The members of UNCLE drive around reporting suspicious behavior. If something looks out of place, they write it down and call the police. If there are suspicious vacant houses, too many cars in a yard, or trash piles, they write it down and report it. If they see a suspected drug house, they find the owner’s name and report it. If they see cars parked out front, they get the license plates and report them.

UNCLE has the feel of the “Broken Windows Theory” that was deployed in New York City and is often credited with its safe city status today.

The broken windows theory is a criminological theory of the norm setting and signaling effects of urban disorder and vandalism on additional crime and anti-social behavior. The theory states that monitoring and maintaining urban environments in a well-ordered condition may prevent further vandalism as well as an escalation into more serious crime.

None of this is “vigilantism”; it is more like the Department of Homeland Security’s slogan, “If you see something, say something.” Remember, we are all in this together. Your participation in your community’s safety and security is essential to the security of us all.

Robert Siciliano personal and home security specialist to Home Security Source discussing Home Security on NBC Boston. Disclosures.

Bump Keys Are Today’s Skeleton Keys

Locking your doors is a first step to securing your home.

However, after conducting thousands of seminars on personal security, I’m amazed at how many people do not lock their doors. That one simple act can prevent a door-jiggling burglar from choosing your home. However, if you do lock your doors, the quality of your locks can impact your security.

Lock bumping, as it’s known, is a lock picking method that involves inserting a modified key similar to the original and lightly bumping or hitting the key with a hammer or other blunt instrument. As the key is bumped, the knob is gently twisted back and forth, allowing the lock’s tumblers to fall in place. Carefully crafting a bump key and manipulating the knob allows the modified key to unlock the door.

Locks are made up of a series of pins and springs that when properly lined up allow the fitted key to turn, thus opening the lock. Bump keys are designed to trick the pins and springs by designing the bump key to accommodate the pins and keys in a variety of ways that ultimately come together by force or through bumping and turning.

Locks that are manufactured with “programmable side bars” and do not use “top pins” are considered bump proof. Other locks that are electronic, magnetic, disc tumbler or use rotating disks are generally considered bump proof. This is general advice that should be followed up by enlisting a certified locksmith to guide you in a safe and secure direction.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover. Disclosures.