European Cybercrime Not Slowing Down

/in /by

Device reputation authority iovation published a report revealing that the number of fraudulent transactions originating from Europe has risen dramatically over the past two years. From April 2011 to April 2012, iovation prevented approximately 15 million fraudulent online transactions in Europe. That’s an increase of 60% over the previous year. The rate of European fraud attempts jumped from 1.3% of total transactions in the first quarter of 2011 to 2.1% in the first quarter of 2012, and has risen steadily throughout the past two years.

iovation stops fraud attempts with their ReputationManager 360 solution, which has the unique ability to determine which online transactions are less trustworthy via patented reputation capabilities. By examining the established reputation of mobile phones, tablets, and computers, and uncovering other device relationships, iovation helps businesses find out ahead of time which online transactions are safe and trustworthy.

Consumers should really be checking their credit card statements monthly, at a minimum. Checking online statements once a week is preferred and setting up alerts such as, “Send me a text or email every time a charge over $100 takes place on my credit card” doesn’t hurt either.

While cybercriminals are everywhere, the countries within Europe where iovation has seen more “denied transactions” as compared to all of the transactions from a particular country include Romania, Lithuania and Croatia. The type of fraud being uncovered includes eCommerce fraud such as the use of stolen credentials or card-not-present (CNP) fraud, financial fraud and bonus abuse on gambling sites, and a plethora of online scams and solicitations being detected in social networks and dating sites.

Scammers who spend their days targeting consumers in the developed world are often blocked by businesses that are using layered fraud prevention technologies. iovation’s real-time device reputation technology detects computers and other Internet-enabled devices that have been involved with financial fraud and other abuses and lets businesses know when those devices are interacting with their websites.

iovation’s network of associations among 950 million devices provides businesses with the ability to know when devices are related to one another, so they can quickly and efficiently shut down sophisticated fraud rings and fraudulent accounts.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft for the National Speakers Association. (Disclosures.)

Summer home security tips before traveling

/in /by

As you pack your car for your next road trip, realize someone’s probably watching.

Burglars watch. They look for signs you are traveling. They look for outside lights on 24 hours a day. They look for dark homes inside at nighttime. They look for no car in the driveway, mail and newspapers piled up or uncut grass that’s three weeks overgrown.  And they look to see you packing your car before a trip. A bad neighbor or his bad seed of a kid may be peering through their windows when you pack. That kid may end up in your house hours after you leave.

Contrary to what some might suggest, I’ve never thought it was a good idea to place your name on a “stop mail” list at the post office. Because some crack head postal employee now has a list of opportunities.

It’s the same thing with stopping delivery of your newspaper. Once you are on that list, it is known you are away.

The best case scenario for both issues is to have a trusted friend, family member or neighbor grab your mail and newspaper for you.

Never list your vacation plans on social media. The last thing you need to be doing on Facebook is telling the world you are 2000 miles away.

Here are a few home security tips to help protect your home while you are on vacation:

Pack your car in your garage or late at night under the cover of darkness.

Use timers on indoor and outdoor lights.

Let a trusted neighbor and the police know you are traveling.

Unplug garage door openers.

Have a neighbor park their car in your driveway.

Have a landscaper mow your lawn.

Don’t share your travel plans on social media or on a voicemail outgoing message.

Lock everything of significant value in a safe.

Invest in a home security camera system and home security alarm system.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News. Disclosures

Access Control for Small Business Owners

/in /by

Knowing who enters and exits your business at all times of the day give the business owner greater control. Having the ability to limit unauthorized entry to your business to certain employees, ex-employees at different times of the day are just a few of the benefits of access control systems.

Knowing you can help to protect your employees and business against damage, theft, or potential harm may be a benefit you can’t put a price tag on. Whether your business has only one way access or multiple entry points, access control security systems are scalable and can be customized to fit your business and security needs.

ADT Access Guard

Security access control allows you to limit employee access, manage schedules, and know who’s going where and when. It’s a quick and easy way to help you limit the access to high-risk or sensitive areas of your business.

Public Mode

For gate, vestibule and other low-security access areas.

No limit to the number of cards the reader can recognize.

Private mode

For higher security areas such as:

Cash rooms.

High-security storage.

Server rooms.

Employee access is given to only one user at a time.

ADT Select Entry

The power of complete access control is at your fingertips. Simply point and click a mouse. That’s all it takes for ADT® SelectSM Entry to provide your small business with a robust access control solution.

Allows you to limit access to high-risk or sensitive areas.

Helps reduce employee and vendor theft.

Helps improve incident awareness and response.

Helps enhance risk management.

Limit access to restricted areas, allow or restrict the access with different user levels or by time frames,  internal communications and monitor external areas.

Intercom Entry

Intercom systems help you safely identify visitors before they get inside. ADT® Intercom Entry Systems are simple, sophisticated security systems that provide a centrally controlled access for your small businesses.

Visually and/or audibly identifies who is at the door.

Helps restrict and manage business access.

Increases employee safety.

Helps you protect entrances, secure parking lot doors, control internal communications and monitor external areas.

If your business is simply under lock and key, then you are in the dark ages and will soon be a burglary statistic. Check out the above access control systems and get educated on all these time and money saving options to secure your business.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News Live. Disclosures

How to Handle a Credit Card Breach While Abroad

/in /by

One of the best and worst parts of traveling overseas is being immersed in a different language. My wife and I once got lost in Naples, Italy. When we pulled over and asked a stranger for directions, he answered in rapid Italian, which we don’t speak. We had no idea what he was saying, but were mesmerized just watching him talk. After two minutes he stopped, so we said “Grazie!” and kept moving. Now imagine if you had to deal with credit card fraud in a foreign country, and couldn’t find any English-speakers to assist you.

Fortunately, you only have to deal with your own credit card company, rather than any overseas officials. Victims of fraudulent credit card charges only wind up paying the unauthorized charges if they fail to detect and report the credit card fraud within 60 days. A 60-day window covers two billing cycles, which should be enough for most account-conscious consumers who keep an eye on their spending. During that time, you are covered by a “zero liability policy,” which was invented by credit card companies to reduce fears of fraud no matter where in the world you travel. Under this policy, the cardholder may be responsible for up to $50 in charges, but most banks extend the coverage to include charges under $50.

You can effectively stop fraud in its tracks by checking your statements online every day. If you only check every week or month, you will have to dispute that many more charges if and when your account is eventually compromised. If you fail to recognize and dispute unauthorized transactions on your credit card statements, you take responsibility for the fraudulent charges.

So, to prevent credit card scams, take the time to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient, and even once every two weeks is acceptable. Just be sure to refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Are Tablets Just As Vulnerable As Mobile Phones?

/in /by

With unit sales of smartphones and tablets eclipsing those of desktop and notebook PCs, cybercriminals will continue setting their sights on mobile, and increased mobile Internet use will continue exacerbating security and data breach issues.

McAfee Labs™ points out today’s tablets are more powerful than notebooks were just a few years ago. Although their lack of real keyboards makes them unsuitable for many tasks (editing texts, programming, and design), they are very suitable for browsing the Web, which today is a primary source of malware.

You do need to view tablet computers separately from mobile phones. Tablets mainly differ in the size of the screen, but they share the same software, operating systems, and processors so their security concerns are nearly identical. About the only difference is that some tablets can use USB devices, which increases the attack surface of such devices.

And because like our mobile phone, tablets tend to be portable and one of our most personal computing devices, you need to take steps to protect it. Many of the best practices you use on your computer can be transferred to your tablet.

To help ensure that your tablet is protected, you should:

Always password protect your device and set it to auto-lock after a certain period of time to increase your mobile security

Never leave your tablet unattended in a public place

Don’t click on links on emails and text messages from people you don’t know

Even if you know the company or person, use a browser to search for a link or use the company’s official app to navigate to the site

Always double-check the web address of a site when doing a search on your mobile phone.

If you use online banking and shopping sites, always log out and don’t select the “remember me” function

Before downloading a third-party app, check other users’ reviews to see if it is safe, and read the app’s privacy policy to make sure that it is not sharing your personal information

Use comprehensive mobile security software like McAfee Mobile Security which include antivirus, anti-theft, web protection, privacy protection and call and text filtering. If you have multiple notebooks, netbooks, smartphone and tablets, McAfee All Access provides security for all your devices and helps keep all your stuff safe whenever and wherever you connect.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Identity Thief Gets 4 Years in Club Fed

/in /by

Four years and six months doesn’t seem like a particularly severe sentence for a thief in Washington state who stole 15 people’s identities, including four police officers, created fake driver’s licenses, washed checks, and used “mules” to steal sensitive documents, make purchases with stolen credit, and sell the merchandise. The thief’s attorneys described him as a “38-year-old drug addict who has had medical and mental setbacks and was living in a motel.” I don’t know what his mental setbacks are, but all the meth he was doing may have been a contributing factor.

I spoke about this very case at the Merchant Risk Council’s 2012 MRC Annual e-Commerce Payments & Risk Conference in Las Vegas. I shared the stage with Detective Adam Haas, who investigated the case, and Jon Karl, from device reputation leader iovation, to discuss was “How Device Associations Helped Law Enforcement Tie Multiple ID Theft Cases Together.”

The thief in this case stole tax records and Social Security numbers from mailboxes and used the stolen information to take over victim’s credit accounts and to create counterfeit checks and fake driver’s licenses, which he used to purchase expensive items as local stores. He sold many of the stolen items on eBay or Craigslist, or simply exchanged them directly for drugs. After being arrested and released pending trial, the thief fled, posted “catch me if you can” on his MySpace page, and continued committing the same crimes. In January, he pled guilty to bank fraud and aggravated identity theft.

Kirkland police detectives received a great deal of assistance from Portland-based iovation. iovation’s ReputationManager 360 service was used to track down the fraudulent credit applications at various retail chains, which originated from a group of computers that iovation linked together within their vast network of more than 950 million unique devices. In addition to nabbing the thief, they were able to help identify other victims within the state who were not yet aware they had been impacted.

In a statement, the Detective commented, “The online digital bread crumbs sniffed out by iovation were critical in tying everything together, leading to a much bigger crime ring than we originally suspected.”

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses organized criminal hackers on Good Morning America. (Disclosures.)

Mobile Wallets—How I Make Mobile Payments Securely

/in /by

Some say there will be a day when the wallet you carry in your pocket or purse will become obsolete. The plan is to eliminate all our credit cards, store cards, and IDs and use our mobile phones as our primary means of commerce and identification. The technology behind mobile wallet or mobile POS (point of sale) basically turns your smartphone into a smart debit or credit card. Soon you will be able to pay for almost anything via your mobile device.

When mobile wallets and mPOS become more common, thieves will certainly look for ways to empty them. For instance, it’s possible for attackers to use technologies that allow them to “eavesdrop” on your payments or steal and transmit your credentials by extending the range of the wireless signal. Your data may also be manipulated or corrupted by an attacker.

So how do I conduct safe mobile payments?

Pay attention to your credit card statements to check that you are paying for what you actually purchased.

Only download mobile payment applications from a reputable app store. Check user reviews of the app and make sure to read to app’s privacy policy on what data of yours it is accessing and sharing.

Don’t do any mobile transactions over unsecured Wi-Fi connection. It’s much more secure to use your mobile data network.

Keep your mobile software current. This includes the latest updates for your operating system, mobile browser and mobile security software like McAfee Mobile Security.

Using your phone to pay for things simply by tapping it or swiping it at a store’s checkout terminal may sound like a convenience of the future, but it’s already here and you need to be prepared for this.

 

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Preparing for Your Summer Vacation Overseas

/in /by

If you plan to travel abroad this summer, you should be aware that your usual credit or debit card may not work overseas. In other countries, particularly in Europe, EMV or “chip and PIN” cards are standard. Many merchants will not or cannot accept U.S. cards with magnetic stripes, which could put you in a difficult position when you need gas or have to buy a train ticket.

But proper planning can prevent travel headaches:

Cash is king. No matter where you are in the world, everyone accepts cash. While cash can be a security risk, so is not having any. Exchange some currency at your local bank before you leave, since you might need some foreign money the moment you step off the plane. But exchange the bulk of your money once you have arrived at your destination to get the best rates.

Traveler’s checks are still a good option. Traveler’s checks are now available in the form of an EMV debit card. American Express, Visa, AAA, and Wells Fargo are just a few of the institutions that offer traveler’s checks.

Carry photo ID. When paying with a regular credit card, always have a valid ID available. A merchant who is accustomed to accepting EMV cards may feel skittish about your regular credit card, and may require that you present a photo ID.

Train station kiosks require EMV. Many people travel on trains, especially when touring foreign countries. Purchasing tickets can be difficult, as most rail stations have ticket kiosks that require an EMV card (or cash only). Most train stations do also have a manned ticket booth that will accept cash, but be warned that the lines are often very long. Buying online ahead of time is also an option.

Gas pumps also require EMV. In the late hours of the evening, or early in the morning it is not uncommon for a gas station to be unattended, but with self-service pumps left open. However, these pumps generally only accept EMV cards. This is when planning ahead is essential. If you know you will be traveling all night, get gas ahead of time, or you may end up searching for a gas station with an attendant in the wee hours.

Toll roads are tricky. In a Fodors.com forum discussing European toll roads, one user advises, “In France, sometimes a US credit card works, and sometimes it won’t. If it won’t and you have a line of cars behind you all honking their horns, it won’t be a good scene. The credit card toll booths that I’ve seen don’t take cash as an alternative. The credit card machine ‘eats’ your ticket, so backing up (even if there are not cars behind you) won’t work. We had to have an attendant close her toll booth, come over to ours, take our cash, and then we got going.”

So, all that being said, carry cash, try to travel during the day, and be aware of your options are at night.

Read more personal stories and advice at www.GetFluentC.com.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How EMV Impacts International Travel

/in /by

In the United States, credit and debit cards rely on magnetic stripe technology. The magnetic stripe is the black, brown, gold, or silver band on the back of your credit or debit card. Tiny, iron-based magnetic particles in this band store your account number. When the card is swiped through a “reader,” the data stored on the magnetic stripe is accessed. Card readers and magnetic stripe technology are inexpensive,  readily available and  vulnerable to fraud.

The other, more secure type of credit card is called “EMV,” which stands for Europay, MasterCard, and Visa. According to the Smartcard Alliance, “EMV is an open-standard set of specifications for smart card payments and acceptance devices. EMV chip cards contain embedded microprocessors that provide strong transaction security features and other application capabilities not possible with traditional magnetic stripe cards.”

If you have plans to travel internationally this summer, you may have problems using your U.S. magnetic stripe card abroad, as many other countries, particularly in Europe, have made the EMV card the new standard.

The Smartcard Alliance explains:

“U.S. travelers are reporting troubles using their magnetic stripe cards while traveling. Aite Group has estimated that 9.7 million U.S. cardholders experienced magnetic stripe card acceptance issues when they traveled internationally in 2008, costing banks $447 million in lost revenue. The most common areas where travelers may face issues are at unmanned kiosks for tickets, gasoline, tolls and/or parking, and in rural areas where shop owners do not know how to accept magnetic stripe cards.”

To avoid payment problems, follow these steps:

  • Ask your bank if they offer an EMV card. Most major banks do, including Bank of America, Chase, Citibank, U.S. Bank, and Wells Fargo.
  • Pay in cash.
  • Don’t expect your debit cards to work at payment terminals. Yes, your debit card requires a PIN, but that doesn’t make it an EMV card. You should be able to use your debit card to get cash from ATMs.
  • Inform your bank you will be traveling, otherwise they may flag your card for fraud.
  • Visit GetFluentC.com to share your story and learn more.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

OSHA First Aid Kit for Small Businesses

/in /by

OSHA’s Occupational Safety and Health Standards business regulations requires first aid kits for certain types of businesses. However no matter the nature of your business, it is not unreasonable to have a basic first aid kit on hand.

The following first aid kit list sets forth the minimally acceptable number and type of first-aid supplies for first-aid kits required for loggers, and frankly, it doesn’t seem like much. I have more than this in my first aid kit in my house!

The contents of the first-aid kit listed should be adequate for small work sites, consisting of approximately two to three employees. When larger operations or multiple operations are being conducted at the same location, additional first-aid kits should be provided at the work site or additional quantities of supplies should be included in the first-aid kits:

OSHA First Aid Kit List:

1. Gauze pads (at least 4 x 4 inches).

2. Two large gauze pads (at least 8 x 10 inches).

3. Box adhesive bandages (band-aids).

4. One package gauze roller bandage at least 2 inches wide.

5. Two triangular bandages.

6. Wound cleaning agent such as sealed moistened towelettes.

7. Scissors.

8. At least one blanket.

9. Tweezers.

10. Adhesive tape.

11. Latex gloves.

12. Resuscitation equipment such as resuscitation bag, airway, or

pocket mask.

13. Two elastic wraps.

14. Splint.

15. Directions for requesting emergency assistance.

Once an employee is injured, having the right first aid available can significantly reduce further injury of valued employees.

Robert Siciliano personal and home security specialist toHome Security Source discussingADT Pulse on Fox News Live. Disclosures