Card Not Present Transaction Fraud can be stopped

Credit card fraud, despite measures to stomp it out, still runs rampant in America. Forty-seven percent of credit card fraud consists of card-not-present (CNP) fraud. This includes payments via snail mail, phone and Internet.

2CThe U.S. is headed towards EMV (chip) card technology, notes Scott Zoldi in FICO’s Banking Analytics Blog. Though chip-based authentication technology may cause non-CNP fraud to decline, don’t count on this same effect for CNP fraud, adds Zoldi.

There’s light at the end of this tunnel, however. Attempts at card fraud have risen, but the average loss per compromised account dropped by 10 percent. The ratio has been the same for fraud to non-fraud spending. The volume of card fraud that has increased correlates to the volume of increase in shopping with credit cards in the first place, writes Zoldi.

How can you spot CNP fraud? Visa offers the following warning signs for this type of crime:

  • Orders consisting of several of the same product
  • Orders full of big-ticket merchandise
  • Transactions that have similar account numbers
  • Shipping that goes out to an international address
  • Transactions placed on several cards, but the shipping goes to a single address.
  • Multiple cards that are used from one IP address

Oregon-based security firm iovation can stop fraudsters and keep them out for good. Reputation Manager 360 goes beyond personally identifiable information (PII) to prevent fraud. By identifying the devices connecting to the retailers site and assessing their reputation, their service instantly gives businesses the full story about any card-not-present (CNP) transaction.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

7 Shopping Scams Online during the Holidays

Santa Claus is coming to town—and so are online thieves. How might they nab you, and what can you do to prevent it?

2C1. Stick with familiar retailers. Unbelievably low prices are a red flag, since competitors are always checking each other’s prices.

2. Customer reviews aren’t necessarily the gospel. An unscrupulous seller may hire people to write favorable reviews. Though one clue is that the same reviewer has reviewed tons of products, other reviews are crafted more cleverly. Identical reviews on different sites are suspicious.

3. Phishing, anyone? The crook sends you the bait: an e-mail that looks like it’s from a reputable company, with a malicious link to a site that looks like the company’s, requesting you turn over your username, password or credit card number. Do this and the thieves will spend your money.

4. Carefully review credit card statements. Even if you never online shop, your purchases are processed online, where fraud can take place, resulting in unauthorized charges. Also, crooked employees can use your credit card number for purchases.

5. Sell with caution. You receive a check for that item you put on eBay, but the buyer “overpaid” and asks you to send the difference back via Western Union WU -1.44% or Moneygram. You do this—before you learn that their check is fake.

6. Meeting Craigslist sellers and buyers. Meet only in safe, public places. Inform the seller you’ll first meet without any cash, just to inspect the sale item. If you want to buy it, get your money from an ATM.

7. Don’t purchase stolen products. Request proof of ownership. Or, request the serial number and see if your state keeps a database of stolen items.

Retailers are also doing a lot behind the scenes to  protect consumers, by layering fraud protection tools including address verification services, two-factor authentication, device reputation technology and behavioral analysis. As devices (such as computers and mobile devices) with fraudulent histories connect to the retailer’s website, the business is alerted in real time.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

12 Ways to hide Online

If you feel paranoid about online surveillance, there are ways you can significantly shrink your cyber presence so that it’s more difficult and expensive for anyone and even big intelligent agencies to monitor your online activities.

2P1. End-to end Encryption

This tactic encrypts your data from the beginning point of communication to the receiving end. The tool of choice for you and your message-recipients to install is OTR (off-the-record) messaging. This start-to-finish encryption will keep snoopers in the dark.

2. Maximal Encryption

If you can’t do end-to-end, at least encrypt as many communications as possible. This can be done with EFF’s HTTPS Everywhere browser add-on for Firefox or Chrome. It maximizes amount of data that you protect by making Web sites encrypt Web pages when possible. Encrypt your USB flash drive with TrueCrypt.

3. Encrypt Hard Drive

Latest versions of Macs, Windows, Android and iOS have ways to encrypt local storage. Turn this on so that anyone who uses your computer can’t copy its contents.

4. Strong & long Passwords

Forget short, easy to remember passwords like the name of your pet. Make them very long—all passwords. A password manager will eliminate having to remember a bunch of super long passwords. Diceware.com will help you create an unforgettable, strong master password.

5. Virtual private network software

Unencrypted data is highly vulnerable to prying eyes. Use a virtual private network (VPN); this ensures that all online transactions (e.g., filling out forms, downloading, shopping) are secured through HTTPS.

Hotspot Shield VPN is free and reliable, available for Mac, PC, Android and iPhone. This service also encrypts all mobile data and protects the user’s identity. VPNs can also be used for visiting sites you don’t trust much.

6. Use Tor

Installation and use of Tor will conceal your origins from mass and corporate surveillance. Giants like the NSA do not like Tor, and there’s a reason for that; it works.

7. Two-step authentication

This involves typing in a password and then a routinely altered confirmation number to protect against attacks on cloud and Web services.

8. Never click Attachments
Your computer can be hijacked when you click on a link sent via e-mail—a link accompanied by a hyped up message that’s designed to get you emotional rather than logical. Tell your friends and family to send you information in text whenever possible. If they must send a file, double check that it’s really from them.

9. Don’t open Emails with a blank Subject Line

An e-mail with a blank subject line may be an innocent lapse in judgment from a person you know, but the blank subject line is also a possible sign of a virus attack waiting for you if you open the e-mail.

If you receive blank subject lines apparently from someone you know, send a message to the sender by creating a new message and asking if they just sent something. Require everyone you know to fill in the subject line.

10. Anti-virus, updated software

Make sure your computer has anti-virus software and that it’s always kept up-to-date.

11. Be an ally
Teach others all you know about hiding online. Even install for others tools like Tor. Ask them to sign up for Stop Watching Us to guard against mass spying. Throw a “cryptoparty.”

12. Offline data

Keep your most secret data written down in a notebook and place where nobody would think to search for it.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Hectic Holidays Heavenly for Hackers

Ahhh, it’s that time of the year again: the hustle and bustle of the holiday season—parties, gift giving, travels and get togethers with friends and family. But it also brings up the question of how and when are you going to have time to shop and get everything done in time?—let alone fight those crowds at the mall for that elusive parking space.

online-shopping
With online shopping, not only can you shop any time of day (or night if you’re like me and a night owl), from the comfort of your couch or recliner and can easily compare prices without walking up and down the mall or driving all over town. You can even get things online that you simply just can’t buy locally. But while online shopping provides you with a high level of convenience, it also provides cybercriminals with opportunities to steal your money and information through various online scams.

That’s why as Black Friday and Cyber Monday (which has become one of the biggest online shopping days of the year) approaches, you need to make sure you’re being smart when shopping online. Besides making yourself familiar with the 12 Scams of the Holidays, here’s some tips to stay safe online:

Be wary of deals. Like Mom said, “if it’s too good to be true, it probably is”. Any offer you see online that has an unbelievable price shouldn’t be believable. I saw a 25-foot camper on Craigslist for 10% of the list price, and it was within 10 miles of me. My endorphins rushed and I was filled with excitement—I wanted it! Then I found out it needed to be shipped from Chicago (I live in Boston) and I calmed down. But I can see how when a person’s endorphins peak, hasty decisions can ensue.

Use credit cards and not debit cards. If the site turns out to be fraudulent, your credit card company will usually reimburse you for the purchase; and in the case of credit card fraud, the law should protect you. Some credit card companies even offer extended warranties on purchases. With debit cards, it can be more difficult to get your money back and you don’t want your account to be drained while you’re sorting things out with your bank. Even better is a one-time-use credit card, which includes a randomly generated number that can only be used for a single transaction. While this may be an extra step in your shopping process, it can go a long way to protecting yourself online and it’s a good way to #HackYourLife.

shopping-deels

Beware of fake websites. When searching for a product online, you are likely to end up clicking on something within the first few pages of your search results. Cybercriminals often setup up fakes sites that look real at URLs that are common misspellings or typos of well-known shopping sites (also known as typosquatting).Instead of typing in the URL of your favorite site, make sure you have a safe search plug-in installed on your browser, like McAfee® SiteAdvisor®, and search for that site. SiteAdvisor will then give you color-coded safety ratings in your browser search results and give you a warning before going to sites that are known to be malicious.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Catphishing is a loveless Nightmare

What is catphishing? This recently coined term refers to false online identities created by Internet scammers to deceive people into a long-term romantic or emotional relationship.

8DHow can you tell you’re being catphished?

  • Out of the blue, some really attractive person begins communicating with you online.
  • This individual finds excuses not to use their phone or Skype.
  • When push comes to shove on your end, this person will finally agree to visit you, but then some excuse will surface, preventing the visit.
  • You’ll find it impossible to get a legit physical address.
  • Phone calls will have dead silence in the background since they’re made with a lot of caution.

Catphishers use photos that really aren’t of them: sites showing off the most commonly used photos.

Catphishing isn’t always a romance-based scam. Someone may create a fake identity to catch a sex offender or set a trap for an unfaithful partner. These may seem like benign motivations, but a false identity can be created also to give the catphisher 15 minutes of cyberspace fame—at the expense of luring a public figure into the web of deceit.

Snagging Catphishers

This can be accomplished if more sites simply incorporated iovation’s device reputation checks for suspicious computer history and investigated for characteristics consistent with fraudulent use. With this they’d be able to deny catphishing criminals, often before the first time they try to sign up.

iovation has many more categories specific to dating, including bullying, account takeovers, underage members, and so on. What’s unique to their globally shared system is that their clients can choose what to take action on or not.

For example, a dating site may choose to be indifferent to cheating in online gaming sites, but set up rules to trigger multiple account creations looking for profile misrepresentation.  Dating sites can specify which type of behavior to protect their users from.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247

How to design a secret Safe Room

Your house can easily have a “secret room,” for its novelty, for children and for a safe hideout from intruders. Entrances to these rooms are concealed by normal looking household features such as bookcases.

2BPurpose

Designing begins with determining the secret room’s function: a hideout? fantasy playroom? a space for meditation or writing your novel?

Location

Next, figure out where to have it. It’s easier to figure this out if your house is under construction. Otherwise, it can be located centrally, or inside a room or even in the basement. A smart option may be unused space such as beneath a staircase, in a huge closet or inside a storage room.

Furnishings

To save money, do as much remodeling, restructuring and furnishing as you can (including drywalling, painting, etc.). Hire professionals for electrical and plumbing unless this is your line of work. The room also needs proper heating, cooling and ventilation.

Secret Entrance

It’s best to have an expert design a spectacular secret portal. In fact, there are companies that specialize in secret room customization. An automated entranceway or portal can be created by a mechanical engineer so that this passageway is truly hidden (camouflaged as a dresser, fireplace, bookcase, what have you—even merged into the surrounding wall).

How It’s done

The automated doorway is built in the company’s workshop, custom-designed and shipped to the purchaser with complete installation instructions. The company can also send out installers. A secret entrance that’s 100 percent created professionally is nearly impossible to detect.

Truth or hoax?

The story on the Internet is that a guy was playing around in his house when his younger brother accidentally ran into a bookshelf—it opened to a secret spiral staircase that led to an unknown crawlspace…where a stranger was living. The older of the two crept down the steps far enough to discover the secret room, where his Halloween candy and a banana peel were scattered on some bedding. This story hasn’t been validated as true and is likely just an Internet hoax.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

What is a Data Breach and how do I protect Myself?

When protected, sensitive or confidential data is accessed or used by someone without authority, this is a data breach. This can involve any kind of data such as personal health, financial, or business related.

3DNot all data breaches result from hacking into a computer. One can breach data simply by peering over someone’s shoulder at the computer screen when they shouldn’t be. It can also be elaborately planned: A company’s new employee may actually be working for an extensive crime ring to steal data from the inside. Needless to say, a data breach can lead to identity theft (among many other problems).

In the workplace, especially retail, where credit cards are processed, the Payment Card Industry Data Security Standard is designed to provide retailers with guidelines to eliminate data breaches. In a healthcare workplace, HIPAA (Health Insurance Portability and Accountability Act) helps control who has access to personal health information.

How can you protect yourself?

  • As a consumer you must keep your operating system updated to the latest secure version.
  • Run antivirus, antispyware, antiphishing and a firewall.
  • Protect your wireless communications with encryption and use a VPN for portable devices.
  • Use secure passwords with upper/lower case and numbers.
  • In the event someone else is responsible for a breach read very carefully any notification of a data security breach and don’t assume that the breach was accidental or that identify theft is not likely.
  • Use an identity theft protection product. It will scavenge cyberspace for any unauthorized use of personal information such as from your credit cards and Social Security number; will keep track of personal credit information; and will send an alert if suspicious activity is detected—maybe even prior to you receiving a consumer notification.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

7 Tips to avoid ‘deadly’ social media

The vacant 5,000 square foot house next door to this kicking victim was on sale, and he had agreed with the realtor to keep an eye on it. Some kids got wind of this vacancy and put out a Facebook invitation to a Halloween rave party there.

1DHe called 9-1-1 and the police broke up the party. However, kids kept arriving because the Facebook notice was still up. A mob of perhaps 60 kids was brewing at the end of the street.

The victim-to-be began chatting with the realtor’s partner—in front of the rave house. The realtor then approached a kid and was assaulted. Our victim intervened without much thought, got blindsided by one thug, then kicked by several kids to the ground.

Hindsight is 20/20

The victim, only after the beating, realized that he should have:

  • Fled to his house and called the police.
  • Remained outside and called the police (not as safe as above, but a lot better than jumping into a fight)

However, these weren’t the best options. The best option would have been this victim calling the police to come back when the mob was forming.

  • The victim could have taken pictures of these kids (with his Nokia 1020) before any of the rumbling began.

Conclusion

  1. Avoid mobs at all costs.
  2. If someone is attacked, call the police and take pictures.
  3. Do not jump in to break up a fight. Three scrawny but very angry punks can take down a much bigger well-meaning solitary person.
  4. If you do get attacked, go ballistic—and target the gang’s leader.
  5. Sprint to safety first chance you get.
  6. Warn your kids about the dangers of raves.
  7. Check out the “crime radar” of your neighborhood with this new tool.

 

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

15 Tips to protect holiday packages from theft

During the holidays, thieves will actually follow delivery trucks, snatching the packages that the driver leaves at peoples’ front doors. Thieves will also cruise around neighborhoods in search of boxes left at front doors—and steal them.

Here are numerous tips on how to protect packages, that are being sent to you, from theft, and also how to safeguard anything you’re sending out. 4H

  1. Get a tracking number from the shipping company.
  2. Require a signature with the delivery.
  3. If you won’t be home, have the company leave the package at a local shipping center.
  4. Set up an obvious surveillance camera with your home security system.
  5. If UPS is making the delivery, get onboard with their U.P.S. My Choice program, which sends an e-mail or text message to the customer just prior to package arrival; it will be rerouted if nobody is home.
  6. Insist that the driver leave the package in an inconspicuous area.
  7. Have the driver leave the package at your apartment’s or condo’s office.
  8. Retrieve your mail as quickly as possible after delivery.
  9. If you can’t retrieve it daily, have a trusted person get it.
  10. If you’re traveling, have the post office hold your mail until you get back.
  11. Never received mail you were expecting? Contact the sender to see if it was sent. If so, file a complaint with the post office. This also applies if the contents of mail are missing.
  12. Bring your checks or money orders to a postal collection box (personally give it to a postal worker) for the delivery driver to pick up; don’t leave checks or money orders in your home mailbox.
  13. Never leave packages outside your door.
  14. Alert recipients of your packages as to when they are to expect them.
  15. Insure any packages you send.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

100 Person Identity Theft Ring busted

This year, one of the biggest identity theft rings originating from Minnesota was prosecuted—spanning 14 states and involving hundreds of victims. Total theft exceeded $2.5 million, and major retailers and banks were victimized.

1GJust who was part of this ring is mind boggling; the participants included a receptionist with the state Board of Psychology; and employees at the St. Paul Postal Credit Union, Wells Fargo Bank and other major companies. Insiders generally have direct access to client data and can do the most damage.

Victims of identity theft aren’t necessarily gullible and naïve. As just mentioned, one of the ring participants was the receptionist. She gave Social Security numbers of psychologists to the ring leaders.

One of those psychologists found out her identity had been stolen when a bank called her to report that a woman claiming to be her had attempted to get $4,000 cash back from a $6,800 check she tried to deposit. At another bank, the imposter tried again with a fake driver’s license in the victim’s name that had a photo of the imposter.

The imposter eventually confessed to cashing fraudulent checks and using fake checks and driver’s licenses with names of actual people. Her fraudulent purchases exceeded $154,500.

Basic Methods

  • Other participants purchased high-end products with fake checks printed from special equipment, then returned them for cash refunds or gift cards.
  • They also printed fake IDs and recruited about 10 people to enlist over 100 more to do the check cashing and product purchasing.
  • A ringleader would often sit in a car while their help cashed a fake check, then the proceeds would be split.
  • Thieves obtained personal information by breaking into homes, mailboxes, cars and businesses.
  • The scam even sucked in family and friends. One ringleader had his two sons in on it.

This goes to show you how susceptible the public is to a mastermind of an extensive identity theft ring. Makes you think you can’t even trust the receptionist of the company you work for.

All that being said, account takeover generally can’t be prevented when organized criminals get a hold of account numbers. However new account fraud, when thieves use your Social Security number, can mostly can be prevented with identity theft protection.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.