Security Benefits of EMV for Consumers

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Visa announced plans “to accelerate the migration to contact chip and contactless EMV chip technology in the U.S. The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of Near Field Communication (NFC)-based mobile payments by building the necessary infrastructure to accept and process chip transactions.”

EMV, which stands for Europay, MasterCard and Visa, refers to the chip-and-PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point-of-sale terminals.

Gemalto reports, “As the U.S. continues its implementation of EMV chip cards, it’s lucky to be able to look to other countries that have adopted the technology for best practices, lessons learned and future benefits. As a Gemalto employee based in the U.S., I’ve been eagerly watching to see how our neighbor to the north, Canada, is benefiting from their EMV chip implementation, which started in earnest in 2007.”

“EMV” refers to Europay, MasterCard, and Visa, three financial service corporations that collaborated to establish a global standard for secure, reliable, and consistent credit and debit card transactions. These cards are also called “chip and PIN” cards because they incorporate an embedded microprocessor chip and require a personal identification number for authentication.

JPMorgan Chase began issuing cards with embedded microprocessor chips last year in response to requests from cardholders who are frequent international travelers. And more major card issuers have followed suit by incorporating EMV technology. American Express has announced plans to release chip-based cards in the United States, as part of a “roadmap to advance EMV chip-based contact, contactless and mobile payment for all merchants, processors, and issuers.”

Not surprisingly, as the rest of the world has migrated to EMV chip technology, some fraud has shifted over to the United States because of the ease with which fraudsters can duplicate magnetic stripe cards. As a result, the U.S. has carried a disproportionate percentage of global fraud losses—until now. Through our adoption of EMV chips, we’re anticipating a reduction in fraud loss like in Canada, the UK and the 80 other countries in various phases of migration.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

How do I protect mobile devices while traveling?

Traveling for business or pleasure can be hectic, unnerving, and often draining. It’s not uncommon to hear somebody say, “I need a vacation,” after returning from their vacation. When traveling, the last thing you need to worry about is having your critical possessions ripped off. So here are some things to consider:

Airplanes: Always keep your mobile device with you when you go to the bathroom or stretch your legs. Clip it to your belt or slip it into a pocket when you are napping. Never put it in the overhead compartment!

Rental Cars: My wife traveled to Spain, got off the plane, rented a car, and drove off the lot. At the first stop sign, a man knocked on her passenger window and pointed, saying, “tire, tire.” She put the car in park and walked over to the passenger side. The tire was fine and the man was gone. When she got back in the car, she discovered her purse had disappeared from the front seat. Her mobile phone, driver’s license, passport, cash, and credit cards were all gone. Keep your eyes open for scams and keep your device clipped to you at all times!

Hotel Rooms: Hotel rooms are never secure. I was recently traveling and entered my hotel room to find somebody else’s stuff, including their mobile, laid out on the dresser and bed. This has happened to me dozens of times. Sometimes the clerk assigns the same room to two people, or the keys work in multiple rooms. And, of course, everyone on the staff has access. It’s important to never, ever leave anything of value in your room, always engage the security lock on the door when inside, and take your mobile into the bathroom with you. If you go to the fitness center or restaurant, take your mobile with you or put it with other valuables in the safe (and don’t use a combination that’s easy to guess, like “1234”)!

Public Wi-Fi: Mobile devices are more secure on your carrier’s network than a Wi-Fi connection. But if you have to use Wi-Fi, consider using a personal VPN to tunnel through the public Wi-Fi and encrypt your connection. Cover all your bases by installing Hotspot Shield VPN. A free, ad-supported program, Hotspot Shield protects your entire web surfing session by securing your connection, no matter what kind of wireless you are using—whether you’re at home or in public, using wired or wireless Internet. Hotspot Shield does this by ensuring that all web transactions are secured through HTTPS. It also offers an iPhone and Android version.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

I’ll Have an App with That

Cash may be king—but not if you like free coffee and sandwiches from Starbucks. Today, if you want rewards, points, discounts or anything free, mobile payment is the way to go. My dad is a perfect example of how and why this is. Here’s a guy who held out on using a smartphone until 2013. For years, he’d pay cash for his Starbucks coffee and religiously hand over his card to the barista for another credit toward that next free cup. Then, the baristas started to steer clients toward using their Starbucks app, with promises of more discounts and free stuff. My dad got his first iPhone 5 and wonders how he survived without it. Once he downloaded his first mobile payment app, he realized how much “free” he was missing out on.

USA Today reports:

Starbucks is producing more than three million mobile payments per week. That, says [Starbucks CEO] Schultz, exceeds the combined mobile payments of the next 10 companies closest to Starbucks. “This will result in a much deeper experience with our customers,” he says.

That experience IS people like my dad, who plans his trip to Starbucks to get free stuff.

For consumers, that will mean much more one-to-one marketing, says Schultz. That is, specific deals and promos could be specially targeted to individual consumers based on their buying habits. Sooner than later, Schultz projects, regular customers might not even have to belly-up to the bar to order. Rather, based on the information on a mobile phone app that they’re carrying, they could be “recognized” as being in the store—and baristas will have the option to start preparing their usual favorites, without them ever having to actually order.

Starbucks has cracked the code in the evolving mobile payment market, and others are quickly joining in. Head to your favorite app store and search for “mobile payment,” or see what your favorite e-tailer or retailer has to offer.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Why Your Employer Needs Social in the Workplace

Social media is the fifth form of mainstream media. It encompasses all media, making it the king of all media. At this point, most people know how to use social media and how to navigate the various websites. But many employers are still on the fence.

Hootsuite’s CEO says, “The world’s top brands—like Pepsi, Virgin, NHL and American Express—[are] now embracing [social media] company-wide.”

MarketingDonut reports, “One of the simplest ways to convince your boss that social media is the future is [by] showing how much profit [the company] can make. Show how your competitors are using social content to attract potential clients, showing the strengths and weaknesses of their campaigns. Use your website analytics to monitor the flow of visitors to your website from Facebook, Twitter or organically, and how many convert to leads or sales.”

And social isn’t just for business-to-consumer communications. It’s also great for connecting employees. SHRM reports, “Social networking platforms may allow organizations to improve communication and productivity by disseminating information among different groups of employees in a more efficient manner, resulting in increased productivity.”

As you are setting up social media as an effective tool, you must consider the security implications.

  • Implement policies. Without some type of policy in place to regulate employee access and guidelines for appropriate behavior, social media could be problematic. Teach employees effective use by providing training on proper use, including, especially, what not to do.
  • Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.
  • Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
  • Maintain updated security. Whether you’re using hardware or software, anti-virus or critical security patches, make sure you are up to date.
  • Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
  • Register your company name and all your officers at every social media site. You can do this manually or by using a very cost-effective service called Knowem.com.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Beware of Unknown Credit Card Subscriptions

The sales industry is fascinating. When it’s done well, you receive great value and both parties leave the transaction feeling happy. But the tactics some merchants use are downright manipulative and often veer into illegal territory.

For example, you might see an infomercial on TV for vitamins. The ad targets the elderly and promises something that sounds like the fountain of youth. The commercial reminds viewers of how tired they are and how old they have become. You watch a sleazy sales show video of people running on the beach, flying a kite, drinking wine and dancing the jitterbug. And you can be just like them if you take this pill just three times a day!

The beauty of this special offer is that if you call in the next 10 minutes, you get not just one bottle of vitamins but also will get a second one for free—as long as you pay the shipping charges. But that’s not all! You also get this handy travel clock that displays the time on the ceiling! All with an amazing money-back guarantee.

I think you see where this is going.

But what they don’t explicitly bring to your attention is that once you make this purchase, you aren’t just buying one bottle and getting one bottle for free; you are actually signing up to buy three bottles a month and you’re going to be activated for a monthly membership to a wellness website. In total, your card will be charged $79.99 per month.

This can happen when you make purchases over the phone or online. In the process of checking out during an online transaction, you might check or need to uncheck a box in regard to an offer or discount. Either way, a few months later you start getting charged for services you never wanted or ordered.

Here’s how to not get sucked into unwanted subscriptions:

  • Know right now that there is no free lunch. Everything costs more than it appears.
  • You will not be happy taking a pill. Except for that time I went to Woodstock in the late ’80s… never mind.
  • Always reconcile your bills diligently and on a timely basis.
  • Dispute unwanted subscriptions immediately, within one to two billing cycles.
  • Use a credit card instead of a debit card, as credit cards offer more consumer protection.
  • Ask lots of questions and read the fine print.
  • Do an online search for the name of the company/product, along with the word “scam,” and see what shows up.
  • Use BillGuard to watch your back and help you resolve unwanted charges.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video. Disclosures.

During a Robbery: Fight or Comply?

Many of us are told that, when we’re attacked, we should let it happen so that the situation doesn’t get any worse. In some cases that may be your only option. But some studies have shown that fighting back is a better option. Showing resistance and making it difficult for your attacker to do their job often helps you get to safety. 

But what about when it’s a robbery? 

Robbery as defined in Wikipedia is the crime of seizing property through violence or intimidation. In common law, robbery is defined as taking the property of another, with the intent to permanently deprive the person of that property, by means of force or fear. Precise definitions of the offence may vary between jurisdictions. Robbery differs from simple theft because of its use of violence and intimidation.

The Washington Post reports “four intruders – two white men and two black men – entered the single-family home about 11 a.m. and used a weapon to hold the family against their will, authorities said. … No one was hurt during the robbery, Mills said, and no information was immediately available about what type of weapon was displayed.”

If violence begins during a robbery, responding to violence with violence might be necessary.

To help protect yourself against robbery, follow these simple tips:

  1. Make sure you have an acute awareness of your environment.
  2. Install outdoor lighting that may keep the bad guys away.
  3. Use your cell phone from a closet.
  4. Make sure your home has a lived-in look so that, from the outside, your home looks like a tougher target, and that help is close by.
  5. Install security cameras.
  6. Have a panic button for your home alarm that calls for help and sends a screaming alarm.
  7. The worst thing you can do is nothing. If violence is imminent, decide on an escape route or recognize your options for protecting and defending yourself.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

Your Wi-Fi Router Might Be Easy to Hack

Recently I became aware that many, if not most, home Wi-Fi routers are very easy for cyber criminals to hack. I thought, my mom has Wi-Fi, and so probably does your mom. So here is a letter you can share with your loved ones, be they tech-savvy or not, to protect them from the hidden dangers lurking in their homes.

Dear Mom,

I don’t want to scare you too much, but I want to let you know about a potential issue with your Wi-Fi router. First, Mom, your router is not your modem. In most cases your modem is the small box with a row of blinking lights that connects directly to your internet service provider’s feed, which is either a cable connection coming out of the wall or a phone line. From there the signal is converted and sent to your router through a “cat5” cable that looks like a bigger, fatter telephone wire. Your router (in most cases) is the thingy that’s then plugged into your computer or gives off your wireless connection.

Anyway, a recent study said researchers “have discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. We define a critical security vulnerability in a router as one that allows a remote attacker to take full control of the router’s configuration settings, or one that allows a local attacker to bypass authentication and take control. This control allows an attacker to intercept and modify network traffic as it enters and leaves the network.”

In case you didn’t catch all that, it basically means the cyber bad guys can break into your internet data stream just like a burglar might break into your car or house and grab important stuff like your passwords, SS number or bank account info that you don’t want them to have. A lot of common big name routers were tested and a lot of them failed. They warned that basically even if your router was not on the tested list, you should still be concerned.

Jake Thompson, one of the security analysts, disclosed some easy-to-implement tips, including some obvious ones like making sure that you change the router’s default username and password credentials. However, he cautioned, not all routers let you change the username. They also recommended that “people use WPA2 security protocol, over WEP” but that is probably going to be beyond your understanding.

So I am going to recommend something even simpler: adding a layer of protection by installing a VPN. Consider it an easy, cheap (in this case free) insurance policy. When on a PC or laptop, install and launch Hotspot Shield VPN. It’s a free VPN software, but I prefer the paid version; the expanded paid option is a little quicker and offers a cleaner interface. Either way, it’s a great option that will protect your entire web surfing session, securing your connections on all your devices regardless of any security issues with your router.

And BTW, how’s your cat?

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Beware of Slimy Alarm Sales Calls

Call them con men, grifters, scammers or thieves. Or simply call them liars, because lying is what they do best. They stare you in the eyes, do it via email or over the phone, and lie through their teeth. They do it casually and with such conviction that we have no reason not to believe them.

Sometimes they call you or knock on your door trying to scam you. Whatever you tell them can be used against you. They can steal your identity. If they find out you don’t have an alarm, they may break into your house. If you tell them the company your home alarm is with, they may call you at a later date posing as that alarm company and requesting “updated credit card numbers.” They can also sell you a bogus alarm system.

The Detroit Free Press reports that scammers “come door-to-door selling free alarm systems or systems for $99. Then, they lock you into a long-term contract for three to five years. The equipment is inferior. I’ve known people that have been burglarized with this equipment, and the burglars just yank the alarm off the wall and it doesn’t work.”

This issue is best resolved by not answering any questions at all, hanging up, deleting the email or telling the person at the front door (while you speak through the locked door) you are not interested. No matter what, never give the scammer your Social Security or credit card number or reveal whether you have an alarm.

Only purchase alarm systems from reputable installers, and do your research to make sure the company has been properly reviewed and vetted for a quality product.

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

What’s the difference between using Proxy vs VPN?

If you live in or travel to a country that controls what websites its citizens can and cannot visit, then you might not have access to sites like Facebook or YouTube. In this case you may have considered using a proxy or a VPN. But what’s the difference?

A Virtual Private Network (VPN) is a network set up to communicate privately over a public network. A VPN protects your data between your laptop, iPad, iPhone or Android device and an internet gateway. It does this by creating an impenetrable, secure tunnel to prevent snoopers, hackers and ISPs from viewing your web-browsing activities, instant messages, downloads, credit card information or anything else you send over the network.

A proxy server (sometimes called a web proxy) generally attempts to anonymize web surfing. There are different varieties of anonymizers. The destination server (the server that ultimately satisfies the web request) receives requests from the anonymizing proxy server, and thus does not receive information about the end user’s address.

Proxies and VPNs are both designed to change your IP address and manipulate your internet browsing to allow you to access YouTube, Facebook etc. – so they will essentially unblock those restricted sites.

However, a proxy doesn’t offer encryption, which means the information you are sending and receiving may be intercepted and stolen on public Wi-Fi. A VPN, on the other hand, acts as a proxy and allows the access, but also keeps your information and communication private through encryption.

Hotspot Shield is a great VPN option that protects your entire web surfing session, securing your connection at both your home Internet network and public internet networks (both wired and wireless). Hotspot Shield’s free proxy protects your identity by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS—the protected internet protocol.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

4 Completely Different Ways to Share Photos

Back when dinosaurs roamed the earth, people took pictures of the Tyrannosaurus Rex with film-based cameras that required them to drop their pics off at a Fotomat for processing. Then, instant pics in the form of Polaroid cameras came along and the term “instant gratification” was born. Today, most of us snap pics on phones because cameras are just another device that we don’t want to carry.

Now, documenting a person’s day, week, month, year, vacation or any event consists of hundreds if not thousands of photos because digital is easy and free. So what’s the best way to share all your pics in a fun, friendly and secure way? Well, that all depends on your lifestyle.

  • Facebook: When taking pics from your phone, you can easily upload and instantly share your images with your connections. The beauty of Facebook photos is that all 3,000 of your friends can enjoy them and comment on them. Using your PC is even easier when you are uploading entire albums. The bad thing is, once you upload to Facebook, you can’t expect the photos to ever be private. Even though you might lock down your privacy settings so only your friends can see them, it’s still very possible that your pics can be leaked.
  • Flickr: Flickr is a photo sharing site that you can always have in your back pocket via apps for iPhone, Windows 7, Android and more. Or use m.flickr.com from any mobile device to upload and share photos on the go. Share photos only with the people you want to with Flickr’s easy privacy settings. Flickr’s backed storage system makes sure you never lose another photo again.
  • Instagram: Share your photos in a simple photo stream with friends to see – and follow your friends’ photos with the click of a single button. Every day you open up Instagram, you’ll see new photos from your closest friends, and creative people from around the world. Share to Facebook, Twitter, and Tumblr too – it’s as easy as pie. It’s photo sharing, reinvented.
  • Dropbox: Most people don’t think of photo sharing when they think about Dropbox because Dropbox isn’t explicitly a photo sharing site. Dropbox is a free service that lets you bring together all your photos, docs and videos from anywhere. This means that any file you save to your Dropbox will automatically save to all your computers, phones and even the Dropbox website.

All of these sites require usernames and passwords for access. And like all web-based portals, I suggest a different password for each. If you install an application on your mobile, make sure your device is password protected. Another layer of protection (albeit inconvenient) is to set up these apps to require a password every time you access them.

Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.