Scams Are a Sport This Summer

Scammers tend to follow an editorial calendar much like journalists do. For example when the holiday season is coming journalists often write about bargains to be had while scammers use the season as an opportunity to try and entice users with deals that are “too good to be true.”

This same practice is also used for high-value news items such as a natural disasters, celebrities and high-profile sporting events. Many of us are not aware of the risks and threats associated with such high-profile sporting events and the impact this could have on you, your devices and your personal data. In fact, in a recent survey done by OnePoll for McAfee, only 13% of Brits are worried about a cyber threat spoiling their enjoyment of the summer’s sporting events.

As the world descends into a sporting frenzy this summer, it can be easy to become a little sloppy about keeping your mobile devices safe and secure. However, now is the time when we need to be more cautious.

McAfee has recently identified several scams related to sports which encourage consumers to share their personal details. These can take the form of text messages, social network spam or emails offering fake tickets or lottery wins.

In order to help you keep your mobile devices protected during this summer of sport, you should:

Heed the advice of too good to be true
Be wary of phony websites, emails, texts and pop-ads offering “too good to be true” deals on tickets to sporting events, autographed merchandise, and “winning” a trip to events.

Back-up your data
Before you leave on a vacation to a major sporting event, make sure you’ve made a replica of your data from your smartphone, tablet, laptop or any other devices you’re taking with you. That way in case your device is lost or stolen, you still have all our data. Also consider deleting any personal information on the device that isn’t absolutely necessary.

Disable location services
Before posting photos on sites like Facebook, turn off GPS to avoid having your location information falling into the wrong hands.

Don’t let your apps remember your user names and passwords: Also make sure you don’t store credit card information or passwords on websites. If your smartphone or laptop is lost criminals can easily access these accounts

Be careful when using Wi-Fi networks
Avoid using public or free Wi-Fi networks when trying to access information online. Your information could easily be stolen without your knowledge and you should log in to any financial or shopping sites.

Use “safe search” technology
Make sure that install software the alerts you to risky sites that you may receive via email, texts, IMs or social networking sites. This will prevent you from going to a site that could download malicious software on your mobile device that could steal your identity and financial information.

The world’s biggest sporting event is something to be enjoyed by all and by following these tips, you can stay safe and just enjoy the event!

Robert Siciliano is an Online Security Expert to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

What Differentiates EMV Cards?

In the United States, our credit and debit cards still rely on outdated magnetic stripe technology. The magnetic stripe is the black or brown band on the back of your credit or debit card. The stripe stores data, such as your account number, via tiny, iron-based magnetic particles. When you swipe your card through a card reader, the device accesses the data stored on the magnetic stripe. A quick YouTube search yields numerous vendors offering to sell skimming devices, which can be used to steal data from credit cards as they are swiped in an ATM.

EMV, or chip and PIN cards, on the other hand, are far more secure. These so-called “smart cards” contain embedded microchips and are authenticated using personal identification numbers, or PINs. When a customer uses a smart card to make a purchase, the card is placed into a terminal or a modified card reader, which accesses the card’s microchip and verifies the card’s authenticity. The customer then enters a four digit PIN, which is verified against the PIN stored on the card.

EMV technology supports four cardholder verification methods: offline PIN, online PIN, signature, or no cardholder verification. This enhanced cardholder verification process is an additional security feature, ensuring that the person initiating a transaction is in fact the legal cardholder.

Meanwhile, the only way to verify a regular magstripe credit card is for a cashier to check a customer’s identification, but this occurs irregularly at best and may even promote a false sense of security. In card not present transactions, such as online purchases, the CVV or credit verification value is the primary verification method, but this number is visibly printed on the card itself, and is as easily stolen as an account number or PIN.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Banks Should Promote EMV

The old magnetic stripe technology currently used in credit and debit cards in the United States is inexpensive and readily available, making our cards highly vulnerable to fraud. It’s understandable then that credit and debit card fraud is Americans’ primary fear, with 68% of those surveyed describing themselves as extremely or very concerned about the security of their credit or debit card data and 66% as extremely or very concerned about identity theft.

Compare that to the 58% who are extremely or very concerned about terrorism and war, or 41% who fear the possibility of a serious health epidemic. If a health epidemic actually occurred, that would naturally take prevalence over our financial concerns. But for now, we’re mostly worried about our money.

Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when an identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or sometimes even when you hand it over to pay at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft, though I’ve always been inclined to categorize it as simple credit card fraud.

EMV credit cards—or “chip and PIN” cards—are safer than the magnetic stripe cards still used in the U.S. According to the Smartcard Alliance, “[EMV] transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal using Static Data Authentication (SDA), Dynamic Data Authentication (DDA) or Combined DDA with application cryptogram generation (CDA). EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions.”

In simple terms, with EMV technology, users’ financial data is thoroughly scrambled. It makes sense, therefore, for smart, forward thinking banks to encourage EMV migration as soon as possible.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

5 Things To Know About Contactless Payment

Contactless payment, also known as NFC or near field communication, is a technology that allows electronic devices to communicate wirelessly. In the case of a mobile wallet application, those devices would typically be a mobile phone and a point of sale terminal at a checkout counter. (NFC has other uses beyond credit card transactions: it can integrate with hardware—to unlock a door, for example—or it can activate software.)

Soon enough, using your smartphone as a credit card will be commonplace. By 2015, mobile contactless payments, in which you pay by holding your phone near a payment terminal, are expected to have increased by 1,077%.

Contactless payments are a faster, more convenient alternative to cash when making small purchases at fast food restaurants, convenience stores, and transport terminals. They are also ideal for remote or unattended payment situations, such as vending machines, road tolls, or parking meters. So far, I haven’t seen a report of bad guys exploiting contactless payment systems.

There are five facts you should know about contactless payment:

  1. Tens of millions of people use contactless technology every day—in passports, identity cards, and transit fare cards for secure, fast, convenient transactions.
  2. These transactions are protected by multiple layers of security, which protect both retailers and consumers.
  3. Some of these security features are incorporated within a card’s microprocessor chip, while others are part of the same networks that protect traditional credit and debit card transactions.
  4. Regardless of your payment method, it is still essential that you check your bank statements regularly for unauthorized transactions.
  5. While contactless payment has been deployed in numerous settings, it is not yet available everywhere. So, assuming that you prefer not to carry large sums of cash, you’ll still need to carry a traditional credit card or, if you are traveling outside of the U.S., an EMV card.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Travel Smart With EMV Technology

Frequent fliers accustomed to traveling internationally for business are helping drive demand for EMV cards within the United States. Business travelers who have found it increasingly difficult to use their magnetic stripe cards while abroad are now requesting that American banks provide EMV, or chip and PIN cards, which are used more commonly in Europe and around the world.

“EMV” refers to Europay, MasterCard, and Visa, three financial service corporations that collaborated to establish a global standard for secure, reliable, and consistent credit and debit card transactions. These cards are also called “chip and PIN” cards because they incorporate an embedded microprocessor chip and require a personal identification number for authentication. These security measures make chip and PIN cards far more secure than the magnetic stripe cards that are standard in the United States, since the magnetic stripes containing sensitive financial data are vulnerable to skimming at ATMs and point of sale terminals. In Europe, chip and PIN technology has significantly reduced the potential for fraud in transactions where the credit card is not physically present.

JPMorgan Chase began issuing cards with embedded microprocessor chips last year in response to requests from cardholders who are frequent international travelers. And more major card issuers have followed suit by incorporating EMV technology. American Express has announced plans to release chip-based cards in the United States, as part of a “roadmap to advance EMV chip-based contact, contactless and mobile payment for all merchants, processors, and issuers.”

Most of the EMV-based cards offered in the United States are chip-and-signature, rather than chip-and-PIN, due to differences in the way payments are processed. Nevertheless, these advances in card technology are a positive step, so thank you to business travelers for pushing banks to incorporate EMB technology and making overseas travel more convenient and more secure.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

What Are The Risks Of A Lost Or Stolen Mobile Device?

Have you ever thought about what would happen if you lost your mobile phone? These days we rely on our mobile phones more than ever. For a lot of us, it can also be a nightmare if it’s lost, stolen or hacked, especially since today it’s become our most personal computer,

But despite the fact that 1/2 of of us would rather lose our wallet than our mobile phone, only 4% of us have taken steps to protect our mobile device with security.

For most of us, our first reaction when we lose our wallet is I have to cancel my credits cards, get a new license, etc. When we lose our phones, we think about the pain and cost of replacing the device. But that’s just the tip of the iceberg.

We don’t realize that our photos, emails, text messages and our apps can be an open door for thieves into our personal information, privacy and financial accounts.

And the time to replace your smartphone and its contents can consume as much as 18 hours of your life.

Mobile devices are on the move, meaning they can more easily be lost or stolen and their screens and keyboards are easier targets for “over the shoulder” browsing.

Below is an infographic that shows why you should protect your smartphone and some tips to protect you and your device.

 

Take time to protect your mobile device. Here’s some tips to keep your mobile safe:

Never leave your phone unattended in a public place

Put a password on your mobile and set it to auto-lock after a certain period of time.

If you use online banking and shopping sites, always log out and don’t select the “remember me” function

Use mobile device protection that provides anti-theft which can backup and restore the information on your phone, as well as remotely locate it and wipe data in the case of loss or theft, as well as antivirus and web and app protection.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)