Use Cases for NFC in non-payment scenarios. Where else will we see this technology flourish?

/in /by

Near Field Communications (NFC), is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.

NFC handsets are set to increase to about 80 million next year. Gartner estimates that that 50% of smartphones will have NFC capability by 2015.

But not all NFC revolves around mCommerce. The usage of NFC  for identity documents and keycards are widely deployed.

And then theres FeliCa, is a contactless technology that is widely deployed in Asia for public transportation, access management, event ticketing, customer loyalty programs and micropayments. As of March 2011, there were over 516 million units of FeliCa IC Chips worldwide, incorporated in 346 million cards and 170 million mobile phones.  Gemalto and Sony Corporation have established an agreement to provide FeliCa / Near Field Communication (NFC) solutions globally.

“With FeliCa’s proven commercial adoption particularly in the Asian markets, we strongly believe that our agreement with Sony will enable Gemalto to build the foundation for significant expansion for both companies at a global scale,” added Tan Teck-Lee, Chief Innovation & Technology Officer and Asia President of Gemalto. “Gemalto’s UpTeq NFC SIM is set to trigger the mass deployment of mobile NFC services now, while providing operators the flexibility to expand their offer in the longer term.”

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

What Happens to Your Profile After You Die?

/in /by

If you were hit by a bus, and passed on to whatever heaven might exist, would you care about your Facebook page? Probably not. But your loved ones more than likely would. Things like email, websites, and social media profiles are considered “digital assets,” which may have some monetary value, but for the most part offer sentimental value to the family of the deceased.

I went to high school with a darling young woman who passed away at far too young an age. Her Facebook page sees a lot of activity. Not a day goes by that someone doesn’t make use of this forum to leave a message telling her they love her. It’s quite nice to visit her page and witness this outpouring of affection.

When Facebook is informed that a profile’s owner has passed away, the account is memorialized, which means that nobody can access or edit the account, nor can any new friends be accepted, but people can still post messages and comments.

However, the inability to access an account might pose a burden to the family of the deceased, who might wish to learn more about their loved one or need administrative abilities in order to access crucial information, alert loved ones, or even finalize the deceased’s affairs.

The Associated Press reports, “Now lawmakers and attorneys in at least two states are considering proposals that would require Facebook and other social networks to grant access to loved ones when a family member dies, essentially making the site contents part of a person’s digital estate. The issue is growing increasingly important as people record more thoughts and experiences online and more disputes break out over that material.”

Facebook currently provides an online form that can be used to report a user’s death. “If prior consent is obtained from or decreed by the deceased or mandated by law,” Facebook will provide the family of the deceased with a download of all account data.

Though you may not particularly care to acknowledge it, now might be a good time to instruct a trusted friend or family member on how to access your various social media assets in the event that something bad should happen.

Robert Siciliano is an Online Security Evangelist to McAfee. Watch him discussing information he found on used electronic devices YouTube. (Disclosures)

Banking – How to Balance Security and Convenience With Online and Mobile Banking

/in /by

Users of online and mobile banking know that financial institutions have a layered security approach in place. Those layers include multifactor-authentication, which may mean requiring users to punch in a second security code or carry a key fob, as well as due diligence in identifying customers as real people whose identities haven’t been stolen, and consumer education.

These multilayers may not always be convenient, but they certainly are geared towards making your online banking experience more secure.

Both mobile and online banking reduces time and expenses by allowing customers to review transactions, transfer funds, pay bills, and check balances online or over your mobile carriers network from anywhere.

Enhanced security with SMS transaction notifications and the ability to turn card accounts on or off, and new technologies like mobile check deposit, in which you simply take a cell phone picture of the check, are contributing to the increasing popularity of mobile banking. Eventually, mobile phones may even replace ATMs and credit cards.

As convenient as this is, you still need to consider security.

Set a passlock to access your mobile that times out in one minute.

Set your computer’s operating system to automatically update critical security patches.

Keep your mobile operating system updated.

Make sure your firewall is turned on and protecting two way traffic.

Always run antivirus software on your PC and mobile, and set it to update virus definitions automatically.

Run a protected wireless network. Don’t bank with your mobile on a public Wi-Fi network.

Never click links within the body of an email. Instead, go to your favorites menu or type familiar addresses into the address bar.

Beware of SMiShing which is like phishing but it’s in the form of malicious text messages.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How safe is my identity? What are the latest threats? How do I protect myself?

/in /by

The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research reports that in 2011 identity fraud increased by 13 percent. More than 11.6 million adults became a victim of identity fraud in the United States, while the dollar amount stolen held steady.

Identity theft occurs when someone takes your personally identifiable information (PII), and misuses it, abuses it, and adapts it to his or her own life, often for financial gain.

From the report:

  • Approximately 1.4 million more adults were victimized by identity fraud in 2011, compared to 2010.
  • One of the key factors potentially contributing to the increase in incidents was the significant rise in data breaches. The survey found 15 percent of Americans, or about 36 million people, were notified of a data breach in 2011. Consumers receiving a data breach notification were 9.5 times more likely to become a victim of identify fraud.
  • Javelin examined social media and mobile phone behaviors and identified certain social and mobile behaviors that had higher incidence rates of fraud than all consumers. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud.
  • Consumers are still sharing a significant amount of personal information frequently used to authenticate a consumer’s identity
  • 68 percent of people with public social media profiles shared their birthday information (with 45 percent sharing month, date and year); 63 percent shared their high school name; 18 percent shared their phone number; and 12 percent shared their pet’s name—all are prime examples of personal information
  • Those with public profiles (those visible to everyone) were more likely to expose this personal information
  • Seven percent of smartphone owners were victims of identity fraud. 32 percent of smartphone owners do not update to a new operating system when it becomes available; 62 percent do not use a password on their home screen—enabling anyone to access their information if the phone is lost
  • 67 percent increase in the number of Americans impacted by data breaches compared to 2010

Protect yourself:

Lock down your PC with antivirus, antispyware and antiphishing. Update your computers operating systems critical security patches.

Keep social media professional. Once you start sharing every aspect of your life online, you begin to give away some answers to knowledge based questions to reset account passwords.

Watch your accounts closely. Look at your statements online weekly for unauthorized activity. Report fraud immediately.

Get identity theft protection and/or a credit freeze.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cloud Computing Security: Small Business Data in the Cloud

/in /by

Over the last decade many computing tasks that were developed to be performed locally on and office PC have now moved to the cloud such as contact managers, office documents, media editing programs, you name it: if there is a software version, there is probably a cloud-based version, and often for free. Just search for the name of the software you use plus “free online.”

“The cloud,” as it relates to technology, refers to millions of internet connected servers, which may be owned and operated by either corporations or private individuals, sitting in homes and offices.

These servers may be used to back-up your small business data, host email, documents, files, and offer up software as a service.

Cloud-based data, just like local PC-based data, is vulnerable to physical theft if the building isn’t properly protected, power outages if there aren’t redundant power backups, natural disasters if Mother Nature decides to have a bad day, and criminal hacking through system weaknesses, phishing, and social engineering.

Most cloud service providers won’t explicitly outline what they do to protect your data because it could offer potential hackers information on how to compromise their networks. But one provider for example promises “strict data security policies, military-grade encryption, and world-class data centers for optimal data protection of your business’ computers and servers.”

The cloud computing security guide from Intel provides practical steps to help IT managers plan cloud computing security, with recommendations for strengthening cloud platform and data center infrastructure implementations.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Identity Theft Tops 2011 Consumer Complaints

/in /by

The Federal Trade Commission today released its list of top consumer complaints received by the agency in 2011. For the 12th year in a row, identity theft complaints topped the list. Of more than 1.8 million complaints filed in 2011, 279,156 or 15 percent, were identity theft complaints. Nearly 25 percent of the identity theft complaints related to tax- or wage-related fraud.

The report breaks out complaint data on a state-by-state basis and also contains data about the 50 metropolitan areas reporting the highest per capita incidence of fraud and other complaints. In addition, the 50 metropolitan areas reporting the highest incidence of identity theft are noted.

The next nine complaint categories are:

Debt Collection Complaints

Prizes, Sweepstakes, and Lotteries

Shop-at-Home and Catalog Sales

Banks and Lenders

Internet Services

Auto Related Complaints

Imposter Scams

Telephone and Mobile Services

Advance-Fee Loans and Credit Protection/Repair

All of these scams can be avoided when the consumer does their necessary homework and puts systems in place to protect themselves. Some scam can be avoided just by knowing they exist and not falling for them. Others may require some form of a protection service while others simply require a little legwork and research to know your options. Always do searches on companies you do business with, check licenses and IDs, get second opinions and if it seems to good to be true, then you know the story.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.Disclosures.

A look into the cyber security legislation: What does it mean for citizens?

/in /by

The White House issued a statement in regards to our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life – have suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade. The President has thus made cyber security an Administration priority.

From The Desk of President Obama: “We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control… But just as we failed in the past to invest in our physical infrastructure – our roads, our bridges and rails – we’ve failed to invest in the security of our digital infrastructure… This status quo is no longer acceptable – not when there’s so much at stake. We can and we must do better.”

Members of both parties in Congress have also recognized this need and introduced approximately 50 cyber-related bills in the last session of Congress. The proposed legislation is focused on improving cyber security for the American people, our Nation’s critical infrastructure, and the Federal Government’s own networks and computers.

#1 National Data Breach Reporting. State laws have helped consumers protect themselves against identity theft while also incentivizing businesses to have better cyber security, thus helping to stem the tide of identity theft.

#2 Penalties for Computer Criminals. The laws regarding penalties for computer crime are not fully synchronized with those for other types of crime.

#3 Protecting our Nation’s Critical Infrastructure. Our safety and way of life depend upon our critical infrastructure as well as the strength of our economy. The Administration is already working to protect critical infrastructure from cyber threats.

#4 Protecting Federal Government Computers and Networks.  Over the past five years, the Federal Government has greatly increased the effort and resources we devote to securing our computer systems.

#5 New Framework to Protect Individuals’ Privacy and Civil Liberties. The Administration’s proposal ensures the protection of individuals’ privacy and civil liberties through a framework designed expressly to address the challenges of cyber security.

Our Nation is at risk. The cyber security vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.

Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is incredibly powerful tool that must be used intelligently and cautiously. Do your part to protect your little network and we will all be that much safer.

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and let them damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Dirty Dozen Tax Scams for 2012

/in /by

The Internal Revenue Service today issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud. Here are 4:

Identity Theft

Topping this year’s list Dirty Dozen list is identity theft. In response to growing identity theft concerns, the IRS has embarked on a comprehensive strategy that is focused on preventing, detecting and resolving identity theft cases as soon as possible. In addition to the law-enforcement crackdown, the IRS has stepped up its internal reviews to spot false tax returns before tax refunds are issued as well as working to help victims of the identity theft refund schemes.

Phishing

Phishing is a scam typically carried out with the help of unsolicited email or a fake website that poses as a legitimate site to lure in potential victims and prompt them to provide valuable personal and financial information. Armed with this information, a criminal can commit identity theft or financial theft.

Return Preparer Fraud

About 60 percent of taxpayers will use tax professionals this year to prepare and file their tax returns. Most return preparers provide honest service to their clients. But as in any other business, there are also some who prey on unsuspecting taxpayers.

False Form 1099 Refund Claims

In this ongoing scam, the perpetrator files a fake information return, such as a Form 1099 Original Issue Discount (OID), to justify a false refund claim on a corresponding tax return. In some cases, individuals have made refund claims based on the bogus theory that the federal government maintains secret accounts for U.S. citizens and that taxpayers can gain access to the accounts by issuing 1099-OID forms to the IRS.

Protect yourself!

Protect your information. Secure all data from the moment it arrives in your mailbox. Secure means that your mailbox and file cabinet have locks, or even storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano personal and home security specialist to Home Security Source discussing home security and identity theft on TBS Movie and a Makeover.Disclosures.

Social Media Security Tips for Small Business

/in /by

Corporations know there are long-term marketing benefits of social media and they also know the security issues with employees continue to be a problem.

Many companies restrict internal access. Others prevent employees from discussing or mentioning the company in social media during private time.

Follow these social media security tips for small business to prevent security issues:

#1 Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by provide training on proper use and especially what not do too.

#2 Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like a tiny URL decoder.

#3 Limit social networks. In my own research about social media security, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.

#4 Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed with social media security risks.

#5 Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure your business network is up to date.

#6 Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.

#7 Companies who eliminate access to social media open themselves up to other business security issues. Employees who are bent on getting access, often skirt security making the network vulnerable.

Robert Siciliano personal and small business security specialist toADT Small Business Security discussingADT Pulse on Fox News. Disclosures

Be Aware of Tax Time Scams

/in /by

The Internal Revenue Service has issued its annual “Dirty Dozen” ranking of tax scams, reminding taxpayers to use caution during tax season to protect themselves against a wide range of schemes ranging from identity theft to return preparer fraud.

An IRS notice informing a taxpayer that more than one return was filed in the taxpayer’s name or that the taxpayer received wages from an unknown employer may be the first tip off the individual receives that he or she has been victimized.  While identity theft complaints increased last year and complaints pertaining to stolen tax returns have increased significantly—from 11,010 complaints in 2005 to 33,774 in 2009, according to an analysis of more than 1.4 million identity theft records from the U.S. Federal Trade Commission. That’s nearly 300%.

Be aware of these scams this tax season:

Phishing scams. If you receive an unsolicited email that appears to be from either the IRS or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), report it by sending it to phishing@irs.gov. Never respond or click on links within unsolicited emails requesting that you enter personal data or visit a website to update account information, especially from the IRS as they do not send emails out to consumer.

IRS scams. Beware of scammers posing as IRS agents. They contact targets via phone or email, and are often prepared with a few personal details, which they use to convince targets of their IRS affiliation. This data may actually have been gleaned from public records or even your trash. This type of scammer may offer you a tax refund, and will generally pressure you to comply with their request.

Rogue tax preparers. Questionable return preparers have been known to skim off their clients’ refunds, charge inflated fees for return preparation services and attract new clients by promising guaranteed or inflated refunds.  Anyone can hang out a shingle and claim to be a credible accountant. That shouldn’t be enough to persuade you to disclose all your financial records.

Signals to watch for when you are dealing with an unscrupulous return preparer would include that they:

Do not sign the return or place a Preparer Tax identification Number on it.

Do not give you a copy of your tax return.

Promise larger than normal tax refunds.

Charge a percentage of the refund amount as preparation fee.

Require you to split the refund to pay the preparation fee.

Add forms to the return you have never filed before.

Encourage you to place false information on your return, such as false income, expenses and/or credits.

Here are some suggestions to protect yourself and make sure that you get your return:

Protect your data. This means that all sensitive documents, including anything that includes tax or investment records, credit, debit, or bank account numbers, or a Social Security number, must be secured from the moment they arrive in your mailbox. Secure means that your mailbox and file cabinet have locks, or even storing important documents in a fire-resistant safe.

Shred non-essential paperwork. Check with your accountant to determine what you need and what you don’t. Use a cross-cut shredder to destroy unneeded documents.

Go paperless. Whenever possible, opt to receive electronic statements in your inbox. The less paper in your life, the better.

File early. The earlier you file, the more quickly you thwart any criminal’s attempt to file on your behalf and collect your refund. Only file your tax return with the help of a local, trusted, professional accountant whom you know, like, and trust. If you file online, you should use a secure PC and a secure Internet connection. If you submit your taxes through the mail, you should bring them directly to your local post office.

Protect your PC. A computer’s operating system should always be updated with the latest critical security patches and you should use comprehensive security software that provides antivirus, anti-spyware, anti-phishing, anti-spam and a 2-way firewall.

Robert Siciliano is an Online Security Evangelist to McAfee. See him discussing identity theft on YouTube.(Disclosures)