Where Will I See Contactless Technology in My Everyday Life?

As contactless technology embeds itself into the fabric of everyday transactions all over the world, numerous industries are fine-tuning integration of this latest payment technology into their operations.

Employee Badges: Organizations all over the world are using contactless technology to verify individuals’ authenticity before granting access to a restricted facility, computer system, or electronic device.

For example, a government employee might be required to use a “proximity” card in order to enter a secure facility. Where that employee might have once swiped a magnetic stripe card through a reader, she can now use a contactless card that is more secure and allows her to pass through the access control gate more efficiently.

Or a financial institution might have employees processing sensitive client information. If an employee steps away from his computer for a coffee break, a proximity device he is wearing might trigger his computer to perform a system lockdown until he returns.

Public Transportation: Planes, trains, buses, automobiles, and even shared bicycle services are implementing some form of contactless technology. In fact, multiple citywide transportation services now employ contactless payment methods and many more are making the move to contactless, allowing riders to carry one less card in their wallets by effectively rolling the transit card into the bankcard.

Your local retailers: Before you know it, most, if not all, of your payment cards will offer a contactless option. And once mobile companies and handset providers hash out the best and most efficient way to use mobile payment via contactless on your mobile phone, we will see thousands of mobile payment applications for every possible retailer emerge.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

“Operation High Roller” Makes Banks Cringe

According to a McAfee and Guardian Analytics report dubbed “operation High Roller,” an international ring of cybercriminals has been attacking banks around the world. They have been siphoning roughly $78 million from bank accounts in Columbia, Germany, Italy, the Netherlands, the United Kingdom and the U.S.

In the report, McAfee Director of Advanced Research and Threat Intelligence Dave Marcus writes that this organized crime ring built on tactics established with previous malware is coming up with innovations including: “bypasses for physical ‘chip and pin’ authentication, automated ‘mule’ account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 (US$130,000).”

These hackers’ methodology represents a shift from traditional man-in-the-browser attacks on victims’ PCs to server-side automated attacks. Where they once used multipurpose botnets, they now rely on dedicated servers built for the express purpose of processing fraudulent transactions.

Like most financial fraud rings, this one had previously focused on European targets, but McAfee found that their thefts have gone global, spreading to Latin America and more recently to the U.S.

This threat impacts commercial accounts, high-net-worth individuals, and financial institutions of all sizes. The new methodology allows criminals to operate more quickly and to attempt a wider variety of transactions. It is a purpose-built, multiple-strategy approach that helps the criminals’ servers avoid detection, which keeps them live for longer, facilitating even more fraud.

Consumers can begin to protect themselves with antivirus, anti-spyware, anti-phishing, and firewall protection.

Banks and other financial institutions can improve their fraud detection rates even more by incorporating device reputation management into their layered defense. Many leading financial institutions use iovation’s ReputationManager 360 to helps stop new account fraud, detect fraud at user login, detect fraudulent credit applications and also to stop check deposit fraud from mobile phones.

Protect Your Facebook Photos

Imagine you have a baby and want to share your newborn’s photos with your Facebook friends and family all across the country. You snap the pictures and post and receive lots of fun and exciting feedback.

Then a week later you are scanning Craigslist to buy some second hand baby stuff like strollers and maybe baby clothes. In the process of searching “baby” you see an ad for “ADOPT MY NEWBORN” and out of  curiosity you click the ad and see a picture of your child!!!!

This has happened and will happen again. People are weird and do weird things with your images.

Yes, your digital assets can be stolen and used without your permission. In general, if its digital. It’s repeatable which means it can be downloaded, copied, pasted etc. And up until now, there wasn’t much consumers could do about that.

Just because your Facebook profile is set to “Private” doesn’t mean that your photos can’t go public. McAfee® Social Protection safeguards your Facebook photos by letting you control exactly who can view them.

When you upload your photos using the app, your photos will appear blurry and indistinguishable to people you don’t know. What’s more, no one –not even your friends and family who you’ve granted access to your photos– can save, print, download or screen capture them.  It also disables the share button preventing further displays of your pictures without your permission.

In short, your photos, stay your photos.

Pretty cool. Go to the McAfee Facebook page and check out McAfee Social Protection today!

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube.(Disclosures)

What is Contactless Technology?

“Contactless” refers to technology embedded in a personal device — typically a mobile phone, key fob, credit card, or access card — that transmits your data to another device from a distance of a few inches in order to complete a transaction.

Transactions involving data transfer have traditionally involved plastic cards with a magnetic stripe or some type of a bar code. And while these technologies remain commonly used, the migration to contactless is well underway, for a number of reasons:

  1. Contactless tends to be a more secure data transfer method. Classic credit cards often contain sensitive yet unencrypted data, stored in plain text in magnetic stripes that can be compromised by various skimming devices.
  2. Contactless technology can handle more data. Devices equipped for contactless transactions contain a small chip, which stores user data and has a vastly greater capacity than a traditional magnetic stripe.
  3. Contactless technology is far more versatile than the payment technology it replaces. Relying on a plastic card and magnetic stripe limit your transaction options, whereas contactless technology can be used to store data in a variety of different devices, from a plastic card to a mobile phone to just about any type of product.
  4. Contactless transactions are more convenient. We’re all accustomed to producing one card or another to make a purchase or access a restricted building or other area. But carrying all those cards around requires a wallet. And frankly, wallets are cumbersome and bulky. I long for the day when my mobile phone is the only device I need, containing everything I need to get anywhere and buy anything.

When your bank, employer, or local public transportation system rolls out contactless technology, embrace it. Before long, it will without a doubt be the preferred method for the majority of our daily transactions.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How the Rich and Famous Prevent Identity Theft

Despite what you may assume, most celebrities and other extremely wealthy individuals do not relish living in a fish bowl, with every move scrutinized. While some certainly do flaunt their wealth, the vast majority do not want you dropping by their home or following them into the bathroom.

The average people who post their whereabouts online, constantly update their status, or list themselves in the phone book generally have nothing to hide. But in a celebrity-obsessed culture, the rich and famous are frequently stalked or harassed, and, since their personal data is so readily available, their identities are more likely to be stolen.

Every seemingly innocuous personal detail available to a criminal can be used to obtain more information, until that criminal has developed a full profile of the potential victim. A series of little crumbs ultimately leads to a loaf of bread.

The solution is called “security through obscurity.” Now, that statement might mean something different in certain circles, but in this case it means that the best way to secure your identity is to hide, buried in the abyss of the Internet, under assumed names, behind a corporate identity. This doesn’t mean using a stolen identity, but rather creating a corporate alias.

Once you have established a corporation, which is not difficult, you can operate under the business’ name to apply for credit, set up utilities, purchase property, and execute most other transactions. Or you might continue using your own name, but obfuscate your role by listing yourself as a low-level employee instead of CEO.

Regardless of the methods you may use to obscure your identity, you cannot hide your device reputation. Unless you rely exclusively on cash for every transaction and never access the Internet, your computer, smartphone, or tablet has an established online reputation. This is a good thing because it validates your transactions without having to go into your personal details. For example, if you use a corporate credit card to make an online purchase, the retailer can use devicereputation technology to analyze the device’s level of risk and determine whether it has a history of fraudulent behavior.

If a retailer is using iovation’s ReputationManager 360, they will know immediately when a customer is attempting to make a purchase with a laptop masking its real location, and if it has been involved in fraud in the past at other iovation-protected businesses. This transaction can be routed to a manual review queue proactively in real-time, giving businesses a chance to prevent losses before they occur.

Mobile Security: Tips for Using Personal Devices at Work

Businesses in all forms operate under numerous business regulations. Small businesses such as finance healthcare, or one where a fine might be imposed if a data breach occurred need to recognize mobile security as a fundamental layer of yours or your company’s information security process.

Mobiles are smartphones and used for ecommerce for consumers and they are used for business tasks as Point of Sales to process credit cards or make payments.

A hospital is a perfect example: Many nurses have mobile phones and many more have tablets for work related purposes. They must be concerned about Health Insurance Portability and Accountability Act also known as *HIPAA: The rule under HIPPA requires health plans, health care providers, and others required by HIPAA to notify individuals (patients) of any breaches of their medical data.

Overall routine patient information is gathered for all hospital patients, such as the patient’s Social Security number, name, address, D.O.B, gender and other data that helps them authenticate the patient’s identity and insurance coverage data.

So if you as an employee of a hospital use your personal device at work and also use it outside of work and it gets lost or stolen, then YES, you and the hospital would be in a great deal of hot water in the event that mobile device was lost.

This is where a BYOD or Bring Your Own Device policy comes into place.  Cozy up to your IT manager and find out what that mobile security policy states. Sometimes they are so restrictive you may not want to use your own device.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussing ADT Pulse on Fox News. Disclosures

Technology Fuels Cyberbullying and Cheating in Teens

McAfee’s study “The Digital Divide: How the Online Behavior of Teens is Getting Past Parents” shows an alarming 70% of teens have hidden their online behavior from their parents, up from 45% in 2010. And yet half of parents live under the assumption that their teen tells them everything he/she does online.

The school year is now upon us. If you haven’t already, you will soon start packing up the kids to send them off to school. Outfitting your kids with new clothes are new technologies is often a big part of back to school preparations.

However, these technologies can have drawbacks and even some dangers that parents need to address: cyberbullying and cheating.

Here are some startling facts that we as parents need to be aware of:


Almost 25% of teens claimed to be targets of cyber bullying and 2/3 of all teens havewitnessed cruel behavior online

Only 10% of parents are aware of their teens are targets of cyber bullying

Facebook has become the new school yard for bullies with 92.6% of teens saying that cruel behavior takes place on Facebook, and 23.8% on Twitter, 17.7% on MySpace and 15.2% via Instant Messenger

When witnessing others being attacked, 40% of teens have told the person to stop, 21% have told an adult and 6% joined in

When being attacked themselves, 66% of teens responded to the attacker (with 35% responding in person), 15.4% avoided school, and an alarming 4.5% have been in a physical fight with their attacker


Only 23% of parents express concern about their teen going online to cheat in school, yet nearly half of all teens (48%) admit they’ve looked up answers to a test or assignment online

22% cheated specifically on a test via online or mobile phone; while only 5% of parents believed their children did this.

15.8% of teens have admitted to cheating on a test by looking up answers on their phone yet only 3.2% of parents thought their teens cheated this way

14.1% of teens admitted to looking up how to cheat on a test online

Overall, 77.2% of parents said they were not worried about their teens cheating online

Parents, you must stay in-the-know. Since your teens have grown up in an online world, they may be more online savvy than you, but you can’t give up. You must challenge yourself to become familiar with the complexities of the teen online universe and stay educated on the various devices your teens are using to go online.

As a parent, I proactively participate in my kids’ online activities and talk to them about the “rules of the road” for the Internet. I’m hoping that this report opens other parent’s eyes so they’ll become more involved in educating their teens with advice and tools

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)


Travel Safety – Part 3: 10 Must-Know Airplane Safety Tips

Since 9/11 we have all learned by example that coming together as a physical force we can overpower hijackers or air-raggers. Anyone becoming aware of a potential threat has a responsibility to make other passengers aware of the situation. Here are some basic airplane safety tips you should implement the next time you travel.

  1. 1.     Store your carry-on luggage across the aisle instead of over your head. You want to keep an eye on it. Otherwise someone can easily go into the overhead bin and remove your belongings. Never put a pocketbook under the seat. The person behind you can remove a credit card and you might not know it for a couple of days.
  2. 2.     Pay close attention to flight attendant instructions when aboard an aircraft.
  3. 3.     In the event of recognizing potential danger, first security steps include making the airplane crew aware, one on one.
  4. 4.     Depending on the volatility of the situation, it could be necessary to quickly bring attention to the cause by rallying passengers first.
  5. 5.     Use caution to avoid unnecessarily alarming others. For your personal safety, trust your gut and be careful to not escalate what could already be a volatile situation.
  6. 6.     Request window seats in a plane’s coach section. Hijackers often take hostages from first-class aisle seats.
  7. 7.     Request a seat next to the plane’s emergency exit. Each time you get on a plane review the instructions for opening the door. However, anyone who does not feel he or she could prevent a disgruntled passenger from opening an emergency exit during flight should not sit in these rows.
  8. 8.     If your plane is hijacked, do NOT make eye contact with the hijackers, which can increase the chances that you will be singled out for attention. Stay calm, follow directions, don’t argue, and don’t attempt heroics—at least not yet. These are desperate people.
  9. 9.     Don’t tell a stranger your plans. The accomplices of hijackers often disguise themselves as passengers.
  10. 10.  Even with security as tight as it is and all the security camera systems, be aware of potential weapons that can still be smuggled onto an airplane: explosives, pepper spray, razor blades, knives, and even guns made of metal or plastic. Undetectable by a metal detector, plastic, wood, and glass can all be shaped into sharp, lethal devices. In addition, plenty of items that belong on an airplane could be used as weapons, including hot water or coffee, serving carts, bags, blankets, headset cords, shoes, pens, batteries, and keys. Even the blunt end of a rolled-up magazine can be used to jab.

Robert Siciliano personal and home security specialist toHome Security Source discussing ADT Pulse on Fox News. Disclosures

No Surprise—Ransomware On the Rise

McAfee’s latest Threats Report shows a 1.5 million increase in malware since last quarter. 2012 is in fact, far and away the busiest year ever for malware with an estimated total of 100 million malware samples worldwide by Q3 2012.

With the malware growth rate up nearly 100,000 per day, McAfee has identified these key variations of malware affecting everyone, which include, mobile malware, Twitter hackers web threats and specifically ransomware.

Data can sometimes be held hostage with the help of “ransomware,” also known as “ransom software.” This software infiltrates your com­puter when you download an infected attachment or clicking a link within the body of an email. You can also get ransomware simply by visiting the wrong website, in what is called a “drive-by.”

Once your computer or mobile device is infected with ransom­ware, it locks down your files to prevent you from accessing them and gives a hacker full control of your machine. Sometimes the ran­somware poses as a “Browser Security” or “Anti-Adware” security product whose license has expired. Computers running Windows that are infected by ransomware are confronted by a full-screen message that resembles a Windows “error alert”.

Ransomware is not common, but it’s definitely a rising malware threat. The best way to avoid ransomware is to make sure that your computer is running the most current version of your operating system and has updated antivirus software. It’s also very important not to click on links in the body of an email or visit unfamiliar websites that may contain viruses that will attempt to inject them­selves through any security vulnerabilities in your browser.

As PC malware writers master their craft, they are transferring their skills to other popular consumer and business platforms, such as Android devices. After the mobile malware “explosion” in Q1 2012, Android malware shows no signs of slowing down, putting users on high alert.

While malware most typically affects PCs due to Windows software, malware can be written for any operating system and platform. Cautioning all Mac fans they too are susceptible to malware, the McAfee Threat Report notes Mac malware’s steady growth, with more than 100 new samples over Q1 2012.

Users must understand how criminals use psychology with lures of easy money. The most effective way to protect yourself is to install a full suite of security protection on your computer so your money and your information remain guarded.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)


Malicious Websites – The Web is a Dangerous Place

McAfee’s latest Threats Report shows a growth in malicious websites replacing botnets as the primary infection mechanism. This means that by just simply visiting a website you could be exposed to malicious things that can do harm to your computer, mobile device, finances or identity.

Websites with bad reputations are influenced by the hosting of malicious software (malware), potentially unwanted programs, or phishing sites. By the end of June 2012, the total number of bad URLs referenced by McAfee Labs™ overtook 36 million! This quarter McAfee recorded an average of 2.7 million new bad URLs per month. Of the new bad-reputation URLs, 94.2% host malware that have been specifically designed to hijack your computer.

It is important to make sure you are aware of things that can happen when you are exposed to a malicious site. The web is a dangerous place for the uninformed and unprotected. Protect yourself:

Make sure your OS is updated: Keeping your operating system updated is a must to protect against security threats. The updates protect you from any known holes that could expose you.

Keep your browser updated: Running the latest versions of the browser also help to protect you against threats that you could be exposed to.

Use security software: Having up to date comprehensive security software is a must. It should include antivirus, anti-spyware, anti-spam, anti-phishing, a firewall and a safe search tool.

Use strong passwords: Little yellow sticky notes on your monitor with your passwords isn’t good. Use a combination of upper and lower case letters, numbers and symbols that are at least 8 characters in length. Also use different passwords for each of your accounts and if possible consider changing them up every 6 months.

Stay educated: Make sure you stay up to date on the latest tricks and tools that hackers use by reading blogs, and getting tips from trusted security sources.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)