Banks and Retailers fight it out over Who’s at fault

The duking out between banks and retailers was launched this past December when a credit card data breach occurred to an estimated 110 customers of a big retail store.

1CIs the retailer responsible? Should the credit card issuers or banks take the brunt of preventive action? What about the consumer? Lawmakers are trying to figure out what can be done to keep the consumer’s data safe from hackers.

The 110 million breach aside, the generality is that the big tripod (banks, retailers, credit card issuers) doesn’t seem to grasp the concept of shared responsibility when it comes to protecting consumers’ data.

James Reuter of the American Bankers Association points out that banks tend to take the brunt of the responsibility with data breaches, way more than what banks are even accountable for. Banks “are making customers whole,” he says.

Meanwhile, retailers are all banding together saying that the customers have zero liability. Retailers know that the banks will swoop in and bear much more financial burden than they’re actually responsible for.

Reuter believes whichever entity—be it a retailer, card company or even bank—is responsible for hacking due to lame protection strategies, should take full responsibility.

Banks really want retailers to step up to the plate too. Forty-six states already have standards for businesses to inform customers of data breaches. However, banks would like a federal standard. Senators Tom Carper and Roy Blunt have introduced such a bill.

After a breach may be too late:

The customers of the breached retailer in December didn’t just have their credit card numbers taken, but other data such as e-mail addresses and phone numbers. Once hackers have these, they have more tools with which to drum up identity theft schemes—something they can’t do with just a credit card number.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

IRS announces a 66% Increase in Tax Identity Theft Investigations

Tax related identity theft is reaching nightmarish and epidemic proportions. Heed the following to minimize your risk.3D

  • File taxes early. ‘Tis the season for tax fraud, and scammers like to get a jump start from the beginning. File early before the fraudsters file.
  • Use electronic filing. Paying the IRS via e-filing is fast and more secure than the paper method. You’ll also get an e-confirmation of receipt. E-filing also lets you know promptly if another person has filed under your own information.
  • An IRS e-mail is probably a fake. You’ll never get an unsolicited e-mail from Uncle Sam asking for your SSN, date of birth or other private information. Don’t open these e-mails. If you accidentally open one, do nothing more than forward it to phishing@irs.gov.
  • Fake web sites. Telltale signs of a fraudulent site are typos and grammatical mistakes, odd page layouts, an unprofessional appearance and other oddities. Be suspicious if there’s not a tiny yellow padlock and “https” to the left of the URL.
  • Be careful where you store. Never store tax information on an Internet drive or cloud. If it must be stored on a computer, encrypt the drive. Better yet, store it on an external drive or disk that’s encrypted or password protected, and store this in a locked safe.
  • Strong, long passwords and usernames. Use an assortment of characters (letters, numbers, symbols like # and *).
  • Check your annual Social Security statement. It shows all income from U.S.-workers under your SSN.
  • Your tax preparer. Use a reputable, licensed tax preparation firm. There exist many tax fraudsters.
  • Be on red alert. Services that claim to have no or very low tax liability often sock you with very high fees, or divert refunds or take money from returns.
  • Snail mail alert. Monitor reception of tax forms. Take notice if any are late or seem to have been opened. If anything is awry, notify the provider at once to find out when they were sent out.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Tips on Getting a Dog for Home Protection

As a security analyst, I have always endorsed getting a dog for home protection. I’m going to provide some tips on what to look for in a home security dog, but first I want to briefly share a riveting true story that was reported on Madison.com.

2H“Slim” is a police dog. Police in Madison, WI, responded to a church’s burglar alarm and saw a man, Gordon Sullivan, sweating and short of breath. Sullivan denied any involvement with the church break-in. Slim couldn’t do anything at the crime scene where a window was pushed in without something to work with. Sullivan handed over his shoe to the police to take to Slim who was at the church crime scene. Slim then led his handler down the street to where Sullivan was sitting inside a squad car. Good dog! Sullivan was arrested on the spot.

Tips on Getting a Dog for Home Protection

The first tip is knowing what a home security dog is, and is not. It’s a myth that such a canine is always snarling, baring its teeth and ready to pounce and bite. A true protection dog is a very alert animal, loyal at responding to the call of duty.

A true protection dog is trained for this task, even though some breeds are more easily trained in this realm than are others. Breeds like Dobermans and German shepherds have “prey drive.”

Additional tips for getting a home protection dog:

  • Make sure that the animal is safe for family members to be around.
  • Your new pet should also be safe for strangers.
  • The dog should have a sense of when there is a threat looming.
  • You do not want an animal that bites or aggresses for no reason; this isn’t security  —  it’s a potential lawsuit.
  • Do your homework on this entire issue, with the help of these tips. Be a great master and your dog will protect you and your house.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Beware of Employees Who Lie About Their Identity

It’s way too easy for anyone to pretend to be someone else. When hiring, make sure you use identity proofing measures so you don’t get scammed.

When hiring, the first concern most companies have is determining how effective an employee will be. In fact, the first concern should be determining if the person is actually who he or she claims to be. Regardless of the nature of your business, an employee masquerading behind a false identity can wreak havoc on your company.

Michael Chertoff, the former chief of the Department of Homeland Security, stated, “I’m going to submit to you that in the 21st Century, the most important asset that we have to protect as individuals and as part of our nation is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community.”

We are functioning in an environment in which humans have yet to be truly verified or authenticated. There are 7 billion people on the planet using thousands of various forms of identification, but with little security. In the United States, the Social Security number is, regrettably, a national ID that is available in file cabinets and databases everywhere, including for sale online. There are thousands of variations on birth certificates (I have five different versions of my own); there are people selling fake IDs, from kids on college campuses all the way up to organized criminals; and credit is wide open, which means anyone who gets hold of anyone’s identification can get credit under that person’s name.

Protecting Yourself

It’s important to understand what identity proofing is. As you might have guessed, identity proofing simply refers to proving that individuals are who they say they are. Identity proofing often begins with personal questions, such as asking for the name of a first grade teacher, mother’s maiden name, first phone number, or the make and model of a first vehicle—as though (in theory) only the actual person would be able to provide the correct answers. Of course, this technique is not foolproof, and now that personal information is so readily available on the Internet, knowledge-based authentication is effectively on its way to extinction—and for good reason. 

The next step in identity proofing is documentation, such as a birth certificate, a copy of a utility bill, high school yearbook, mortgage statement or, of course, a driver’s license or passport. Some of these identifying documents can be scavenged from the trash, but they are effective proof when combined with personal questions. Biometric features, such as fingerprints or iris scans, can help further authenticate an individual’s identity.

Identity scoring, which is in use with many mortgage brokers today, is another effective identity proofing method. An identity-score system can tag and verify the legitimacy of an individual’s public identity using the Internet and both private and government websites. Identity scores are being used to prevent business fraud and to verify and correct public records. Identity scores incorporate a broad set of consumer data, including Internet data, corporate data, personal identifiers, credit records, public and government records, self-assessed behavior patterns and predicted behavior patterns based on empirical data.

Finally, fake IDs contribute to the exasperating problem of imposter fraud. Get the ID Checking Guide to assist you with employee ID verification. Verifying an ID is important, whether for an initial screening or a final ID check. By reducing fraudulent employment applications, time and money can be saved and problem employees who lead to litigation can be averted. 

Eventually, detection methods for fake IDs, such as smartcards, biometrics in all its forms, and multi-factor authentication, will help ensure that the identities presented can be trusted—and being an imposter won’t be so easy.

Robert Siciliano CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Banking and Brokerage Accounts vulnerable to “Account Takeover”

It wasn’t pretty: those fairly recent credit card breaches at a few big-name retailers. As newsworthy as these were, they’re actually not the greatest risk for wealthy folks; a bigger foe is a money management firm lacking sufficient checks and balances.

3DAttack schemes:

Another type of attack can hit an organization hard: some cyber punk getting into your clients e-mail account, then using their stolen information to rob money from the clients financial accounts. E-mail related fraud is booming.

Perhaps the biggest scheme is when an employee gets an e-mail in which someone is requesting money—and urgently. Often, the employee is lured into clicking on a link inside the e-mail, and the end result is that the employee ultimately reveals personal data, allowing the system to get hacked.

Another common realm of infiltration is via unsecured public wireless networks, such as at an airport or hotel. Fraudsters will set up hot spots—fake, of course—that yield Internet access but will ensnare employee data.

Employees can also expose their accounts to hacking by using their e-mail address to log into their own financial accounts. This makes the job easier for cybercriminals.

Protect Your Business

Here are some ways to add protection:

Revamp how employees wire money for clients (one way to do this is to require that the recipient’s authenticity be verified with a phone call).

Clients should verify any and all wire transfers from their accounts.

If a client’s computer is not recognized or has an unfamiliar IP address, the client should be called with a code that completes the transaction.

Incorporate multifactor authentication in the login process and when transfers of any substantial amount are made.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

VPN for Online Security: Hotspot Shield

Online users need a VPN (virtual private network), a kind of service that gives you online security, and Hotspot Shield’s service has a free version. A VPN hides your device’s IP address and interferes with any company trying to track your browsing patterns.

7WMany online companies take peoples’ data without their authorization, and then share it with other entities—again without the user’s permission. A virtual private network will put a stop to this invasion.

Thanks to the fiasco with Edward Snowden and the political messes happening in Venezuela and other parts of the world, many people are turning to VPN services like Hotspot Shield. When you surf the ‘Net on a public network (including using social media), your personal information is up for grabs in the air by vultures.

Why is VPN online security important?

Your personal data is out there literally in the air, to get mopped up by Internet entities wanting your money—or oppressive governments just wanting to snoop or even block internet access to the rest of the world. If you use your device when traveling, you’re at particular risk for suffering some kind of data breach or device infection.

The unprotected public networks of hotel, airport and coffee house Wi-Fis mean open season for crooks and snoops hunting for unprotected data transmissions. The VPN protects these transmissions of data.

In fact, Hotspot Shield was used to escape the prying of government online censors during the Arab Spring uprisings. This VPN has been downloaded hundreds and hundreds of thousands of times.

This VPN service comes with periodic pop-up ads and some banner ads for the free version, but the $30 per year version is free of ads and has malware protection.

What else does a VPN like Hotspot Shield do?

Users are protected from cookies that track where the users visit online. If your online visits are getting tracked, this information can be used against you by lawyers and insurance companies. And who knows what else could happen when tech giants out there know your every cyber move.

More on Hotspot Shield’s VPN

  • Compresses bandwidths. All the traffic on the server side, before it’s sent to the user’s device, is compressed. This way users can stretch data plans.
  • Security. All of your online sessions are encrypted: HTTPS (note the “S”) is implemented for any site you visit including banking sites. You’re protected from those non-secure Wi-Fi networks and malware.
  • Access. Think of the protection as a steel tunnel through which you access the Internet.
  • Privacy. Your IP address is masked, and so is your identity, from tracking cookies.

Hotspot Shield is compatible with iOS, Android, Mac and PC. It runs in the background once it’s installed and guards all of your applications.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

5 Smart Ways to Protect Your Home from Dumb Burglars

Having been a home security expert for years, I am always amazed at how dumb criminals could be, but there’s always a homeowner they can outwit, such as in the case below:

3HA man burglarized two houses in Marshall town, Iowa, and then sold the loot on Facebook, says a story in the online Times-Republican. The genius busted in when the homeowners were on a holiday trip, making off with several TVs, DVDs, clothes, even small kitchen appliances.

Here are ways to protect your home from burglars dumb and smart, skittish and determined:

  1. Secure the garage. Many burglars gain entry via the garage. Make sure your automatic garage door opener, if in your car, is hidden from view. Always keep the door locked that joins your garage to your home. Often, this door goes unlocked, creating a weak link in home security.
  2. Have strong doors and locks. Exterior doors should not be hollow-core, but made of metal such as steel, or solid wood. Use a deadbolt lock, and never forget to lock all doors and windows when you leave and also when you go to bed.
  3. Don’t hide keys outside the house; even a dumb criminal will know to look under the flower pot or doormat. Leave a spare set of house keys with a trusted person when you’re on vacation.
  4. Use a home security monitoring system. The screaming alarm is a superb deterrent should a burglar penetrate a portal. All exterior doors should have detectors and motion sensors. This system should be linked to a monitoring center so that trained professionals can promptly send out help.
  5. Don’t advertise your vacation. A would-be burglar can learn you’re away by reading your Facebook page’s posts about your vacation plans. Crooks do indeed peruse social media sites for these kinds of posts. Keep your vacation plans as secret as possible. Put a hold on your mail or have a trusted person collect it. Put a vacation hold on newspaper delivery.

Follow these guidelines and they’ll make a big difference in the protection of your home from intruders.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

Small Business Protect Your Wifi

With Wi-Fi, your data is literally in the air, up for grabs by anyone with the right tools. It needs protection from nearby users who may want to freeload off you (which can slow you down) or…hijack your accounts. You need encryption.

1WEspecially when you’re connected in airports, hotels, coffee shops, etc., almost always the connection is not secure.

Wi-Fi Security Options

Varying security levels are provided by WEP, WPA and WPA2. WEP is not secure. WPA provides moderate protection. WPA2 is the best. But you can use both WPA and WPA2. Use the “personal mode” (for one or two users) of WPA/WPA2 with a long, non-dictionary word passphrase.

For more than a few users, the “enterprise mode” is suitable, but requires a server. It has stronger security than personal, and each Wi-Fi user has his or her own password and username. Enterprise prevents snooping and hijacking among your organization’s employees.

Personal: To enable personal mode WPA2 on a wireless router, create a passphrase on access points or the wireless router. Type the IP address of each AP or router into a web browser to log into the control panel of each AP or router. Then enable WPA2-Personal with encryption/cypher type by finding the wireless security settings. Create a non-dictionary-word long passphrase—which is required to connect to the Wi-Fi.

Enterprise: You need a RADIUS server to get WPA/WPA2-Enterprise going. A hosted service will set up the server if you can’t. Some APs have built-in RADIUS servers. After the RADIUS server is all set up, input a password (shared secret), etc., for each AP or router. Input usernames and PWs for your organization’s Wi-Fi users into the RADIUS server.

Configure each AP or router with authentication and security settings. Log into the control panel of each AP or router by typing its IP address. Find the wireless security settings; enable the enterprise WPA2 (“WPA2”). Enter the IP address; input the password (shared secret). Users can now connect.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Kim Kardashian’s Identity Theft Case cracked

Never underestimate the brains of a young guy who still lives with his mother—at least not the case of 19-year-old Luis Flores, Jr., who was smart enough to steal the identities of Kim Kardashian and even the head of the FBI, and assume their financial accounts.

11DOf course, he wasn’t smart enough not to get caught.

Flores’ weapon was a flash drive loaded with private data from celebrities and politicians; he got into their credit card accounts and transferred thousands of their dollars to his bank account. He got nabbed finally.

Red flags raised when American Express reported some suspicious activity on a number of accounts, causing the Secret Service to investigate Flores and his mother.

Someone had phoned American Express claiming to be Kim Kardashian, knew her private information, then changed the account’s SSN to that of Flores’. The snail mail address was changed to Flores’ apartment’s. The caller then requested replacement cards.

The Secret Service questioned Flores and Kyah Green, his mother, about the cards but they didn’t cooperate. The Secret Service also discovered that Flores had a history of fraudulent behavior. Additionally, Flores had wired money from Kris Jenner’s account into his own.

It gets better: Authorities linked Flores to fraudulent activity involving Ashton Kutcher, Paris Hilton, U.S. Marshals Service Director Stacia Hylton and former FBI director Robert Mueller.

The flash drive was discovered in Flores’ apartment by the Secret Service. In it was the bank and credit card accounts, credit reports and SSNs of all the victims named prior, but also those of Bill Gates, Michelle Obama, Joe Biden, Beyoncé Knowles, plus other politicians.

How could Flores’ have gotten this sensitive information? A web site that was launched last year by hackers. It is believed the hackers got the data from legitimate sources such as information brokers who didn’t realize their clients were criminals.

The search of Flores’ apartment by agents didn’t stop him; he contacted American Express in an attempt to access the accounts of Gates, Kutcher and Tom Cruise.

Flores and his mother were charged federally; both pleaded guilty. This is one more reason to invest in identity theft protection or get a credit freeze.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Protect Your Home without a Gun: Effective Ways

Yes, you can protect your home without a gun. Having been in the security industry for many years, I have instructed homeowners on proven ways to protect their home without using a firearm. Here are proven ways to protect your home without a gun.

5HPepper Spray

This stuff works. Just getting the mist in your face from it being carried upwind will make you cough and your eyes burn. Imagine what this chemical will do when sprayed directly into the face of a home intruder.

House Watching

  • Have a house sitter stay at your place while you’re on vacation.
  • Arrange to have trusted people drop by occasionally as well.
  • Use a monitoring firm that will send help if an intruder trips an alarm.

Exterior Fortification

  • If possible install flood lights, particularly near secluded portals.
  • Employ a motion sensor that flips the lights on.
  • Plant thorn-bearing brush under windows and other areas where a burglar might creep around.

Get a Dog

  • Not only will the homeowner be awakened by even a tiny dog’s frantic barking when it hears/smells a stranger on the premises, but it will get the attention of neighbors. Many a burglar will flee when little Princess begins yipping like mad, let alone Duke.
  • If the dog alarm goes off, call 9-1-1.
  • Grab the baseball bat or golf club (that you have at your bedside) to prepare for possible defense.
  • Don’t get ahead of yourself with swords or weaponry you’re not trained to use, or that look effective but can’t be swung in limited space.

Cameras

  • Arm your perimeter with a complete surveillance system.
  • Security cameras, when detecting motion, can emit a siren or lighting that can alert the homeowner via a smartphone.
  • Use apps that allow you to view your home from your mobile device.
  • Install cameras inside your house as well.

Home security system

  • A home alarm screams when you can’t.
  • Home security systems call the police when you aren’t able.
  • Home security alarms deter intruders who fear they might get caught.

If guns make you feel unnerved, you just learned how you can protect your home without a gun.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.