National Retail Federation pushes for Chip and PIN

The recent major retail breaches have fueled increased interest by the National Retail Federation to push for implementation of a chip and PIN payment card technology. This would make the magnetic strips on payment cards obsolete and no longer a calling card for hackers.

“We’re here today because the question of data security and cyber theft in retail has become a very important debate in Washington,” said David French, the senior vice president of government relations for the NRF.

The U.S. still relies upon the magnetic strip—buyers or employees swipe the card and sign for the transaction. With chip and PIN, a chip is embedded in the card. A “reader” reads the chip but also requires the cardholder to enter a PIN to complete the purchase: a two-factor authentication process.

Magnetic strips allow thieves to make counterfeit cards that work, but the chip technology would prevent this.

“It’s going to be a very expensive transition,” says Mallory Duncan, NRF senior VP and general counsel, referring to the switch from magnetic strip to chip and PIN. A chipped card costs 4-5x as much as a magnetic-strip card: a cost that card issuers are not crazy about investing in.

However, the retail industry isn’t off the hook. Duncan notes that “every one of the (payment) terminals has to be replaced and depending on whether you’re counting just retailers or doctors’ offices and other places that are thought of as retail, it’s going to be between nine to 15 million (pieces of point-of-sale) equipment that have to be replaced.”

That’s more than $1,000 per unit, she adds. The migration to chip technology includes software and training, and based on Great Britain’s cost to migrate, the U.S. could be looking at “$20 billion or $30 billion to swap out equipment,” says Duncan. And that’s an under-estimate.

The starting point for the swap is banks issuing the chipped cards, says Duncan. Then the retail industry will know it’s worth it to finish the job by implementing the terminals.

The banking industry isn’t taking well to the retail industry’s stand on who should make the first move. Banking leaders believe that recent big retail breaches were primarily caused by, as they responded to NRF’s media briefing, “failed computer security at major retailers.”

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video. Disclosures.

You can have Security in an Attractive Lock

Who says a good door lock can’t look good? Being that your home is far more likely to be burglarized than you are to be mugged walking down the street, you can’t neglect to have a high security deadbolt for your door, even if you live in a “nice” neighborhood.

The deadbolt is a maximum security defense and should be installed on every door to your house, including back doors. You can have the strongest, biggest bolt with Schlage’s Grade 1 product.

But what about the looks of the locks?

Take a look at your door locks. What brand are they? Are they attractive or just your every day door lock that you don’t pay any attention to? It’s time to upgrade!

After all, you take pride in your home’s curb appeal, including its doors. You can have front entry handlesets installed that offer the maximal bolt protection you want, plus the style and flair that you also desire.

In fact, you can even customize the interior side of handlesets with a variety of door lever or door knob styles and finishes.

To complement the deadbolt’s appearance, you can add a number of relevant accessories such as attractive door knockers, kick plates, door stops, viewers and stylish house numbers.

For example, a kick plate can be coordinated with a handleset. The kick plate is a finish at the bottom of a door (often a shimmering metallic style) that prevents scuff marks from shoes.

A wide range of design and elegance is out there for those seeking protective accessories for their doors.

And don’t forget about the choices in appearance you have for your indoor locks. You can, for instance, get a doorknob with an aged bronze finish to complement your interior’s décor.

Let’s go a step further and consider the deadbolts and other types of locks you’ll need for your business away from home. These days, security can easily be coordinated to accommodate your taste in décor, without sacrificing efficacy of the security.

And by the way, Schlage has a “lifetime finish warranty” for their lock products.

Robert Siciliano, home security expert to Schlage, discussing home security and identity theft on TBS Movie and a Makeover. Disclosures. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247.

Healthcare Records vulnerable to Criminals

Just about every kind of healthcare related entity—hospitals, rehab centers, pharma companies, insurance carriers and more—have been and continue to be compromised by cyber criminals.

Though your doctor can boost your resistance to heart attack, the hospital he works at remains prone to hack attacks by crooks wanting access to all sorts of data and other sensitive information.

This isn’t just a leak of patients’ personal health information: the institutions’ billing systems and intellectual property also end up in the hands of crooks.

Once the hackers are in, they’re in a position to launch more attacks on other networks and commit billions of dollars worth of fraudulent transactions.

Here are some bitter pills to swallow:

  • Compromised devices include radiology imaging software, Web cameras, firewalls and mail servers.
  • Quite a few compromises occur due to simple issues like failing to change default credentials on firewalls.
  • Tens of thousands of malicious events can occur within a healthcare IT environment during the time that intelligence is gathered.
  • Not only can cyber criminals get ahold of patient addresses, SSNs and medical condition data, but they can manipulate medical equipment.
  • Healthcare providers accounted for 72 percent of malicious traffic according to the SANS-Norse Healthcare Cyberthreat Report. In addition, healthcare business associates: 9.0 percent; health plans: 6.1 percent; pharmaceutical: 2.9 percent; healthcare clearinghouses: 0.5 percent; miscellaneous healthcare related entities: 8.5 percent.

This all means that patients carry a big financial burden, because healthcare costs rise in response. For instance, the cost related to compromised medical insurance records and files in 2013 was $12 billion. This trickles down to patients.

Many healthcare related organizations cannot adequately protect sensitive data; the cyber attacks are like a relentless virus, overtaking its host.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video. Disclosures.

Fake Funeral & E-mail Scams: Recognize & Avoid

How does a funeral scam work in the first place? This is something that I, as a security analyst, teach to the consumer public. First of all, the fake funeral scam starts off with an e-mail. The fraudulent e-mails come disguised as a notification for a funeral.

The Better Business Bureau describes how the funeral scam works:

The subject line of an e-mail will say “funeral notification.” The message can be from anywhere, though it’s made to look like it’s from a Texas funeral home. You’re invited to a “celebration of our friends’ life service.” It’s a real-looking e-mail. It even uses the funeral home’s actual logo.

Of course, typical of scam e-mails, you’re urged to click a link inside the message to view “more detailed information” about the ceremony. But clicking on the link will take you to a foreign domain, where malware waits to be downloaded to your computer. The crooks will then have access to your personal data.

How to Avoid the Funeral and Other E-mail Scams

  • Just because a real business’s logo appears in an e-mail message doesn’t mean that the message is authentic and not fraudulent. A scammer can even make the sender’s address appear authentic.
  • Before clicking on a link inside a message (and you shouldn’t, anyways), hover over the link to see what the source is.
  • But why hover when you’re smart enough NEVER to click on a link inside an e-mail message in the first place?
  • A message from a company that has poor spelling and grammar is highly suspicious.
  • Messages calling for immediate action are usually scams.
  • Don’t click pop-ups that seem to originate from your computer, even if they warn your computer has been infected.
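The indicators in the list above (link text that does not match where the link really goes, links that lead to a domain other than the sender’s, and urgent wording) can be checked mechanically before anyone hovers or clicks. The following is an added example, not code from the original post or from the Better Business Bureau; the message it scans is constructed, and all domain names in it are placeholders.

```python
"""Heuristic phishing-indicator scan for one HTML e-mail (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases that push the reader to act right away (the "immediate action" indicator).
URGENCY_PHRASES = ("funeral notification", "immediately", "urgent", "act now", "within 24 hours")

# Matches hostnames written in visible link text, e.g. "www.example.com/service".
HOST_IN_TEXT = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registrable(host):
    """Reduce a hostname to its last two labels (simplification: ignores suffixes like co.uk)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _href_domain(href):
    url = href if "://" in href else "http://" + href
    return _registrable(urlparse(url).hostname or "")


def analyze(from_address, subject, html_body):
    """Return human-readable indicator strings; an empty list means nothing suspicious was found."""
    indicators = []
    sender_domain = _registrable(from_address.rsplit("@", 1)[-1].rstrip(">")) if "@" in from_address else ""

    collector = _LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = _href_domain(href)
        # Indicator: the text shows one site, but the link points somewhere else.
        for shown in HOST_IN_TEXT.findall(text.lower()):
            if _registrable(shown) != target:
                indicators.append(f"link text shows {shown} but points to {target}")
        # Indicator: the link leaves the sender's own domain.
        if sender_domain and target and target != sender_domain:
            indicators.append(f"link to {target} differs from sender domain {sender_domain}")

    lowered = (subject + " " + html_body).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in lowered:
            indicators.append(f"urgency phrase: {phrase!r}")
    return indicators


# Constructed sample modelled on the scam described above; domains are placeholders.
SAMPLE_FROM = "Eternal Rest Funeral Home <notices@eternal-rest.example>"
SAMPLE_SUBJECT = "Funeral notification"
SAMPLE_BODY = (
    "<p>You are invited to a celebration of our friend's life service.</p>"
    '<p>Please click <a href="http://cdn.unrelated-host.example/notice">'
    "www.eternal-rest.example/service</a> immediately for more detailed information.</p>"
)

if __name__ == "__main__":
    for line in analyze(SAMPLE_FROM, SAMPLE_SUBJECT, SAMPLE_BODY):
        print("-", line)
```

The checks are heuristics: a message with no indicators is not proven safe, and a mailing-service domain that differs from the sender's can produce a benign hit.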

You now know how to stay ahead of crooks trying to rip you off with the funeral scam e-mail.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. For Robert’s FREE ebook, text SECURE Your@emailaddress to 411247. Disclosures.

15 Small-Business Social Network Nightmares

You may think you’ve guarded your company, but are your social media outlets unprotected? Look at these 15 potential weaknesses in your defense.

Can you think of five social network nightmares you hope never happen to your business? How about 10?

Well, I can top that, because there are at least 15 social network mishaps that can haunt a business owner. Here’s a closer look at 15 types of trouble you can encounter on Facebook, Twitter and other popular social media platforms. Once you’re aware of all these potential dangers, you should take the necessary steps to prevent them from damaging your company.

1. Posting about illegal or questionable activities. Can you think of an illegal activity your employees might engage in that could get your company into trouble if they posted it on Facebook? How about underage drinking? If you employ teens under the age of 18 and any of them posted a photo of themselves drinking at your place of business, you could be in trouble with the law. And even if all your employees are adults, they can still post something unflattering (though not illegal) that could smear your reputation.

2. Account hijacking. Remember when the Dow dropped 150 points last April after someone hacked the Associated Press’ Twitter account and sent out a tweet that fraudulently claimed the White House had been attacked and President Obama had been injured? Don’t shrug it off—account hijacking can happen closer to home. Fraudsters may send your employees Twitter messages on their workplace computers that are designed to fool the recipients into thinking they’re receiving authentic messages when, in fact, the fraudster’s motive is to get money or sensitive data.

3. Bullying on Facebook. Bullying doesn’t just happen among kids; workplace bullying also exists, and what better place than on social media? Sometimes employees who manage a company’s social media get frustrated with the public’s comments and fight back with below-the-belt comments.

4. Online reputation management. Make sure you and your employees never post anything on Facebook that you wouldn’t show your grandmother or wouldn’t want going viral and damaging your brand.

5. Social media identity theft. Ever considered the possibility that someone could take your business’s name and use it for nefarious purposes? Someone could crack your password, take over an account and cause a trail of destruction. Or they could create a new account using your business’s name and post all sorts of alarming, but false, things about your company. Make sure your business name is protected by constantly navigating the Web, seeking out spoofed sites and your likeness or logo.

6. Financial identity theft. Does your company’s Facebook page include personal information about employees, such as the names of their pets or children? What about their birthdays? Hackers can take this information and use it to crack passwords to online business accounts. Be sure to use privacy settings, and make sure your company’s Facebook page isn’t full of personal details.

7. Burglaries. Never post information about vacation or travel dates on your social pages. Do you want the whole world (which includes crafty burglars) to know when you’ll be away?

8. Geo-stalking. Don’t use location-based GPS technology unless you absolutely need to (for instance, if you and your employees are on a “team building” trek in the wilderness and get lost). While search-and-rescue teams need to find you, stalkers who want your identity do not.

9. Corporate spying. Yes, it’s possible: A crook could pose as one of your employees, set up a Facebook group and invite all your employees to join. This enables the bad guy to gather sensitive data from your business and use it against you.

10. Harassment. Someone who’s disgruntled could stalk your brand and make false accusations. They could set up blogs and social sites, post videos and continually tweet their angry thoughts.

11. Government spying. It’s 10 p.m.: Do you know who it is you just friended on your Facebook page? The Associated Press says, “U.S. law enforcement agents are following the rest of the Internet world into popular social networking services, going undercover with false online profiles to communicate with suspects. Just don’t be a ‘suspect.’”

12. Sex offenders. Sex offenders have been known to pose as someone other than themselves—younger, a different sex, etc.—so they can gain the trust of their victims. You might connect with them online as a business only to discover down the road that they’re a predator.

13. Scams. A bad guy could set up a phony Facebook page and then create phony contests to slurp sensitive customer data such as names, addresses, emails, phones, account numbers and credit card numbers.

14. Legal liabilities. Privacy settings on Facebook can hide posts, but that doesn’t matter to a judge in New York who recently ruled that items posted on Facebook (as well as other social networking sites) can be used as evidence in court—even if the posts were concealed by the privacy settings.

15. Zero privacy. And speaking of privacy, don’t assume you actually have any, because thieves have already figured out how to yank data from the innards of Facebook that’s supposedly just for you and your closest colleagues to see. So be very careful what you put up on Facebook, privacy settings or not.

Robert Siciliano is the author of four books, including The 99 Things You Wish You Knew Before Your Identity Was Stolen. He is also a corporate media consultant and speaker on personal security and identity theft. Find out more at www.RobertSiciliano.com.

Data Brokers: What Are They; How to Get Control of Your Name

Data brokers have lots of personal information about you; here’s what you can do about that.

Ever hear of the term “data broker”? What do you think that is? Think about that for a moment. Yep, you got it: An entity that goes after your data and sells it to another entity.

The entity that gets the data, the broker, is called a consumer data company. They snatch huge amounts of data from individuals all over the planet and sell it. And who wants your personal information? Your information is of significant value to marketers, companies doing background checks and in some cases, your government.

They want to know what you like to buy, what you’re most likely to buy, if you want to lose weight, build muscle, what kind of cars you like, where you vacation, what you eat, where you shop for clothes, what kind of disease you have, whether or not you’ve been assaulted or if you have committed a crime…all so they can get a solid picture of who you are.

You now know about data brokers: a whole new industry that reflects our evolving technology. Lawmakers have taken notice of this flourishing industry, trying to get companies to give some control to consumers over what becomes of their data.

At least one data broker makes it possible for you to see how much data is out there about you and to possibly edit and update it. But that’s not enough.

Just how much do data broker companies even know about people?

They build you up from the inside out, starting with skeletal information (name, address, age, race) and padding the meat on from there: education level, medical conditions, income, life events (buying a home, getting divorced), driving record, lawsuits against you, credit scores and more. One credit reporting agency even sells lists of the names of people expecting babies and who has newborns. They even sell lists of people who make charitable donations and read romance novels. Data brokers can even get ahold of your income information.

This doesn’t mean that any one data broker knows everything about you. It’s just that a heck of a lot of personal information about you is potentially scattered all over the place. Data brokering is legal: a multi-billion dollar industry involving trillions of transactions every day. But this doesn’t mean the consumer is without rights or power. You can, indeed, do some reclaiming of your name from the data brokering industry.

How do you get control and manage your name?

  • Sit and wait: As mentioned, lawmakers are putting the heat on data companies to make it possible for consumers to have some control over all of this. The FTC recommended in a 2012 report that the data mining industry establish a website that reveals names of U.S. data brokers plus other relevant information.
  • Go to StopDatamine.me: Data brokers have not responded, so someone else did: a site that tells consumers who the data brokers are and their opt-out links.
  • Browse “Incognito”: With Google’s Chrome browser you can open a “New Incognito Window”; once it’s open, you’ve gone incognito. Pages you view in incognito tabs won’t stick around in your browser’s history, cookie store, or search history after you’ve closed all of your incognito tabs. Any files you download or bookmarks you create will be kept.
  • However, you aren’t invisible. Going incognito doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit.
  • Use a VPN: For the ultimate in masking your webcrumbs, use Hotspot Shield VPN, which acts as a proxy, covers up your IP address, and protects your devices and data from Wi-Fi hackers at the same time.
  • Plugins: The Chrome and Firefox browsers offer a plethora of add-ons to mask your browser. DoNotTrackMe is a good one.
  • Behave: Yes, just be good, don’t commit any crimes, because you can’t erase bad behavior from government records.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him discussing internet and wireless security on Good Morning America. Disclosures.

Police Want your Home Video Surveillance Footage

Police in San Jose, California believe that viewing home security footage will help them solve crimes. The proposal for homeowners to voluntarily register their security cameras for a new police department database is the creation of councilman Sam Liccardo. The idea is to view the footage promptly after a crime.

Liccardo revealed the proposal following a rash of arsons. Property owners willingly gave their home security videos to the police to help identify the arsonist, who has burned down a dozen buildings.

The new database would be managed by pre-existing city technology employees, making the cost nominal.

Homeowners would simply sign up for the database. Police could then remotely gain access into the cameras’ feeds. However, older models would need to be turned in for their tapes.

Privacy concerns have been raised, even though the plan would be entirely voluntary—an objection that doesn’t really make sense, since nobody would be forced or even pressured to give up their home footage.

Retired judge LaDoris Cordell says that the database plan is simply an extension of the evolution of surveillance technology, rather than an intrusion of privacy, a way for residents to be abreast of the happenings in their neighborhood.

San Jose wouldn’t be the first to launch such an initiative. Nearly 600 businesses and residents in Philadelphia have signed up with a similar program, which has led to 200 arrests based on video footage.

Liccardo will be facing a “Big Brother” obstacle as he attempts to get his plan approved, but says that the police will not be sitting around watching live feeds for kicks.

There have been no adverse responses to a similar program with the Los Gatos/Monte Sereno police department, in which 30 property owners have signed up.

Sources:

http://abclocal.go.com/kgo/story?id=9405534

http://www.ktvu.com/news/news/crime-law/san-jose-police-look-new-tactics-solve-crime/nczm5/

http://www.mercurynews.com/crime-courts/ci_24979753/san-jose-police-would-tap-into-residents-private

Robert Siciliano, personal and home security specialist to BestHomeSecurityCompanys.com, discussing burglar proofing your home on Fox Boston. Disclosures.

Financial Services and Retail band together to fight Fraud

Finally, retailers and banks have agreed to work together to fight data breach incidents, foregoing the finger-pointing of who’s responsible for prevention and recovery.

This means both entities will work to improve technology that will protect consumers. Historically, the squabbling consisted of retailers accusing banks of being lethargic at adopting updated, more secure debit card technology; and banks insisting that retailers soak up more of the costs for card replacement following breaches.

However, despite the move forward of joining forces, banks and retailers will surely continue having differences. For example, the cost of getting replacement cards is “not something that the two industries are likely to agree upon,” said Tim Pawlenty to Reuters; he’s chief executive of the Financial Services Roundtable.

So how did both parties decide to join forces? Pawlenty was contacted by Sandy Kennedy, the head of the retail leaders group.

This partnership will develop improved communication so that retailers can have a formal program regarding cyber threats. “We both viewed this as an opportunity to collaborate rather than to wage a public battle,” says Brian Dodge of the retail leaders group.

In addition to card related breaches, the partnership will focus also on smartphone security. Use of mobiles to make payments has stunted progress between retailers and banks.

In fact, MasterCard Inc. and Visa Inc. have named a 2015 deadline to implement “chip and PIN” cards to replace the magnetic-strip cards that are so vulnerable to hacking.

Unfortunately, this switch is pricey, and both retailers and banks are not willing to be the first to take that dive off the high board. Especially since more and more people are using mobiles to make payments.

However, security for mobile users could reinforce the retail-bank partnership, says David Robertson, publisher of The Nilson Report. “We need to make sure that mobile becomes a secure way of doing business,” he says.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video. Disclosures.

Dear Colleagues, Clients, Friends, Family, Media and all others

This week (April 15) marks one year since the rampage in Boston.

This Monday, April 21st, I am running my 3rd Boston Marathon with 38,000 other people and I’m doing it in the spirit of Gratitude and Grace for the Boston Children’s Hospital charity.

Shortly after the bombings, evacuating the city, carrying my 40lb child after running 26 miles. Hurt, angered, saddened and grateful to get to my family.

Many of you have already very generously donated which makes you fabulous!! Last year we raised almost 9k for sick kids. In 3 years we have raised over 20k and I’m hoping with this post we can get to 25K, so please…donate!

DONATE HERE http://ow.ly/rCSvD

FOLLOW THE RACE:
For those interested in following my race progress you can get text/email messages sent automatically regarding my progress. Go to http://www.baa.org/races/boston-marathon/participant-information/att-athlete-alert.aspx and learn how to sign up for alerts. You will need to enter my Bib# below.

My Bib# 32732

Be forewarned, I’ve had a tough training season with multiple painful physical therapy appointments and many cortisone shots. This will be a slow run/walk race to get to the finish line safely. Expect a 5.5 hr journey.

LAST YEAR:
Last year I got stopped at the 26 mile mark within yards of the bombings. My wife and kids were at the finish line, saw more than they should, while waiting for me. My experience wasn’t as harrowing as others, but it wasn’t a good one either. I spent that evening and the next 3 weeks doing media, communicating my perspective of the event. Click or copy/paste my account here: http://robertsiciliano.com/blog/2013/04/19/2013-boston-marathon-my-best-worst-day-ever/

GRATITUDE AND GRACE:
Gratitude and Grace: “The greatest gifts are those that can never be reciprocated, like the gift of health that the doctor makes to a poor patient, demanding nothing in return, or like the gift of life and nurture that a mother makes to her child, or like the gift of his own life that a soldier makes when he dies in battle for his country.

Philosopher Roger Scruton in The American Spectator defined Gratitude and Grace. One sentence in particular “Everyone who has suffered some major calamity, be it illness, loss, or some sudden reversal of fortune, feels, on pulling through, a great surge of gratitude.” means a lot this year.

When I give something I am present in the gift: it comes from me and is a symbol and an out-growth of the free self that is the moral heart of me. The gift comes wrapped in affection, an out-going of me to you that is created by the very act of giving. Even if the gift belongs to a context of ritual and reciprocity, it is something more than a bargain or a contractual exchange. It is I, going out to you.

The proper response to a gift, even a gift of charity, is gratitude. People who feel gratitude also wish to express it. The easiest way is to give in one’s turn. By giving you pass on and amplify the goodwill that you received.”

American Spectator. Read more here: http://spectator.org/articles/39831/gratitude-and-grace

PERSONAL NOTE:
“Life is not without struggle. It is in that struggle that we see the truth in life. For me, through struggle and truth, I learned gratitude. It is with that, I give back. Today my life is an exercise of gratitude and grace and my life’s efforts are my gift to our world.” Robert Siciliano

Donate to Boston Children’s Hospital here: http://ow.ly/rCSvD

Robert Siciliano
http://RobertSiciliano.com
Demo Video http://www.youtube.com/watch?v=p_ikx0_erfU

Data Security Legislation is inevitable

A law (or laws) on data breaches is around the corner. And the time is right, what with the scads of data breaches involving major retailers lately. Details of customers’ addresses, phone numbers, credit cards and other sensitive information have ended up in the hands of hackers. We’re talking many tens of millions of affected consumers.

Despite this mushrooming problem, no consensus has yet arrived regarding just what role the government should assume to protect people’s data. But a common thread to the many ideas is customer notification once a data breach occurs. Though 46 states do have notification laws, retailers gripe that this makes them spend precious time complying with this instead of on fighting data infiltrations and repairing the fallout.

“We’ve long said that action is needed and hopefully we can see passage of data breach notification legislation this year,” says Brian Dodge, a senior vice president at the Retail Industry Leaders Association.

Recently the Data Security Act was introduced. It would require companies and banks to have privacy protections and investigate breaches, plus alert customers about big risks of theft or fraud. Banks have complained about the costs of responding to data breaches and have insisted that retailers do more to address the fallout. The DSA could take some of this burden off banks.

“We think it’s important that essentially everybody up their game,” says Kenneth Clayton, an executive VP and chief counsel at the American Bankers Association. This needs to occur whether through law or industry action, Clayton adds.

The FTC may even get involved. But how much should the government get involved, though? “The idea that the government would do a better job than private industry is a horrible idea,” says John Kindervag, a principal analyst at Forrester Research, an advisory firm.

However, a 2014 priority for the FTC is to protect sensitive health and financial information. “The FTC has long been concerned that this type of sensitive data warrants special protections,” says Jessica Rich, head of the FTC’s consumer protection bureau. She adds that the FTC strongly supports the possibility of new laws that would protect consumers.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video. Disclosures.