10 Ways to Prevent Holiday Shopping Scams

The winter holidays: a time for festivities and … fraud-tivities.

Gift Card Grab

Never, ever enter your credit card or other sensitive information to claim a gift card that comes via email.

Never Buy Over Public WiFi

Shopping over public WiFi means your credit card, bank account or login data could get picked up by a cyber thief. Use a VPN.

Coupon Cautious

If a coupon deal seems too good to be true, then assume it is. End of story. Next.

Password Housekeeping

  • Change the passwords for all your sensitive accounts.
  • No two passwords should be the same.
  • Passwords should be a random salad of upper and lower case letters, numbers and symbols – at least 12 total.
  • A password manager can ease the hassle.

Two Step Verification

  • A login attempt will send a one-time numerical code to the user’s phone.
  • The user must type that code into the account login field to gain access.
  • Prevents unauthorized logins unless the unauthorized user has your phone AND login credentials.

Think Before You Click

  • Never click links that arrive in your in-box that supposedly linking to a reputable retailer’s site announcing a fantastic sale.
  • Kohl’s, Macy’s, Walmart and other giant retailers don’t do this. And if they do, ignore them.
  • So who does this? Scammers. They hope you’ll click the link because it’ll download a virus.
  • The other tactic is that the link will take you to a mock spoofed site of the retailer, lure you into making a purchase, and then a thief will steal your credit card data.

Bank and Credit Card Security

  • Find out what kind of security measures your bank has and then use them such as caps on charges or push notifications.
  • Consider using a virtual credit card number that allows a one-time purchase. It temporarily replaces your actual credit card number and is worthless to a thief.

Job Scams

Forget the online ad that promises $50/hour or $100 for completing a survey. If you really need money then get a real job.

Monthly Self-Exam

For financial health: Every month review all your financial statements to see if there is any suspicious activity. Even an unknown charge for $1.89 is suspicious, because sometimes, crooks make tiny purchases to gage the account holder’s suspicion index. Report these immediately.

Https vs. http

  • The “s” at the end means the site is secure.
  • Do all your shopping off of https sites.
  • In line with this, update your browser as well.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

My EMV for a Week Challenge is DONE!

This week I worked with Gemalto, as part of Gemalto’s #ChipAwayAtFraud campaign. I was tasked with using my “chip” card when making a bunch of every day purchases like getting coffee and shopping. Gemalto, one of the world’s leaders in digital security, wanted a real-world take on the EMV card experience, which includes the security benefits EMV cards presents. You know EMV; it’s the “chip” credit card that, by now, you should have.

1CHere’s what I learned:

A significant portion of the retailers I frequented didn’t have the chip terminals in place. The ones that did afforded more security and a seamless transaction. At this point in EMVs rollout, the biggest issue, or frustration, I think, is its lack of deployment. For instance, you may have to redo a transaction when a chip card is inserted opposed to swipe and then to be told by the cashier “We don’t accept chip cards yet, please swipe”. The opposite happens too, but less frequently.

Otherwise, chip cards are a no brainer. The “learning curve” for EMV or Chip is learned in the first transaction. Once done, you’ll be able to do it every time, and there are no delays or issues with the transaction.

Overall, we are collectively more secure because of EMV/Chip technology. Over time, there will be 100% adoption of this method as magnetic striped cards are phased out along with magnetic striped “swipe” point of sale terminals. For now, and really, forever, a consumer’s first line of defense is to pay close attention to their card statements.

I always recommend signing up for your bank or card company’s mobile app and receiving alerts and notifications with each transaction. This way you’ll be able to dispute fraudulent charges in real-time, if needed.

Meanwhile, your chip cards are here to stay. Embrace the technology, as its primary purpose is security and convenience. As more and more retailers get up to speed, we will see fewer and fewer news reports of huge credit card data breaches because of EMVs full scale deployment.

How to Remove Fraudulent Lines of Credit

You just learned you have a new credit card account by checking your credit or because a bill collector called you. Problem is that you don’t remember ever applying for it. You must find out what’s behind this new account and how it got there.

  • Call the corresponding phone number listed with the account seen on your credit report.
  • Begin the process for disputing the entire account.
  • Get the name (and employee ID number) of every person you speak to and a transaction or reference number for every phone call.
  • Speak to the fraud specialist for the issuer of this new account.
  • Maybe you did apply for it. If you didn’t, find out if there are any charges on it.
  • If the issue isn’t cleared up with one phone call, see what your options are to put a freeze on the account while things are being checked into.
  • Get your free credit reports from TransUnion, Equifax and Experian to see how this new account appears.
  • If you’re still in a quandary over this, put a fraud alert and security freeze on all three reports.

Taking Matters Further

  • If it’s fraud, file an ID theft complaint with the Federal Trade Commission. You’ll get an identity theft affidavit online; immediately print it because it can be viewed only once through the FTC’s system.
  • Next, bring the ID affidavit form to the police, plus other documents relevant to your case, and file a report. Don’t assume your problem is too trivial.

What if the credit card issuer is not helpful?

  • Send a certified letter requesting they freeze or even close the account.
  • Include with that letter a copy (not the originals) of the FTC affidavit and police report.
  • The letter should request written proof of the authorization for opening this account.
  • Another request: written statement absolving you from any responsibility towards charges on this mysterious account.
  • Did you know that the creditor has 30 days or less to send you a written summary of its investigation?

If you’ve been assured that the account will be removed, don’t just take their word; follow up to make sure this was done.

You should not be responsible for any debts incurred by this fraudulent account. Any negative notes on your credit report, related to this account, should be wiped clean.

What if after all that, the account still remains open and you feel the case was not handled properly? File a complaint with the Consumer Financial Protection Bureau. Hopefully you won’t have to hire an attorney, though that’s also a next step.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

20 Security Tips For Overseas Travelers With Credit Cards

Thinking of bringing a credit card with you on your travels? You can end up in a jam: You just treated your extended family to fine dining in France. Time to pay; your credit card is declined.

2CIf you try to make a purchase overseas, your credit card company might think it’s fraudulent, since it would appear anomalous, relative to your usual, U.S. purchases.

So before you leave for your trip:

  • Back up credit card data. It’s always important to have a backup of your card data, both online and in print. Photocopy each card and carry with you or store in your luggage. The Carbonite mobile app lets you access your backed-up data from anywhere in the world.
  • Review your auto drafts and consider these when traveling to avoid maxing out the card.
  • All your cards should be signed.
  • Get a “data plan” and make sure your credit card company’s e-mail and phone numbers actually work.
  • See if your company will issue you a chip-n-pin card, since this technology is widespread in foreign countries.
  • Memorize the PIN and make sure it’s enabled for foreign ATM withdrawals.
  • Install the credit card company’s mobile application so that you can be alerted to any suspicious issues.
  • Gift cards and debit cards should be authorized for international use.
  • Set your phone up for international use.
  • Activate the feature in your card account that alerts you every time the card is used.
  • Alert the credit card company when you’ll be overseas so they can monitor your purchases.
  • Store the company’s 800 and non-800 numbers in your phone.
  • Also make sure you have their e-mail address.
  • The card(s) numbers should be documented in hardcopy.
  • Find out if the card has a foreign transaction fee.
  • Know the to-be-visited country’s phone dialing patterns.

While on your trip:

  • Never give anybody your card for a purchase unless you can see everything they’re doing.
  • At ATMs, carefully punch in the keypad numbers; you may not get too many chances to get the PIN correct.
  • Save all receipts and inspect them. Use your computer or phone and secure Wi-Fi to monitor your account online. This can be done with Hotspot Shield, which will encrypt all transmissions.

Know that your card company will never request highly personal information such as your Social Security number. If anyone contacts you with such requests, it’s a scam.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Credit Card vs. Debit Card Fraud

One difference between a credit card and a debit card is that if there’s an unauthorized charge on your credit card, you just get a little sting. It’s a hassle to straighten out. But no money is taken from you.

2CBut if someone gets ahold of your debit card information, the second they use it, depending on the nature of the transaction, your bank account will be drained. And in some cases, you can kiss that money goodbye; you got scorched. More than ever, crooks are using others’ debit card data and sucking dry their bank accounts via ATMs—in an instant.

An article on blogs.wsj.com outlines the differences between a credit card and a debit card:

  • Federal law protects you from unauthorized charges made with your credit card number rather than with the actual card.
  • In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a “zero liability” policy may kick in.
  • Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side.
  • Beyond 60 days, there’s likelihood you’ll never see your money again.

How does the thief get one’s card information in the first place?

  • The thief places a “skimmer” in the swiping device of an ATM or other location such as a gas pump or even the swiping device at a checkout counter. The skimmer snatches card data when the card is swiped.
  • The thief returns at some point and retrieves the skimmer, then makes a fake card.
  • Thieves may capture PINs with hidden cameras focused on the ATMs keys. So when entering PINs, conceal the activity with your free hand.
  • A business employee, to whom you give your card to purchase something, may be the thief. He disappears from your sight with your card to swipe it at some unseen location. While away from you, he skims the data.
  • The thief sends out mass e-mails designed to look like they’re from the recipient’s bank, the IRS or retailers. The message lures the recipient into clicking a link inside the e-mail.
  • The link takes them to a site set up by the thief, further luring the victim into typing in their card’s information.
  • The thief calls the victim, pretending to be the IRS or some big outfit, and lures the recipient into giving out card information.

It’s obvious, then, there are many things that can go wrong. Your best solution is to pay close attention to your statements, online or via a mobile app, frequently.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Beware of Vacation Rental Scams this Summer

Talk about getting taken to the cleaners: Imagine you spot a great summer rental property advertised online. Looks wonderful. The deal sounds too good to be true, but the owner tells you (via e-mail or even phone) that the fee is correct. You apply for the rent and send in the required upfront payment.

9DThen you head down there for the first time to see an empty lot. It then dawns on you that the owner was really a crook who used some photo he found online and advertised it for rent. And if losing your money isn’t bad enough, the thief now has other private information on you like your Social Security number.

How can you protect yourself if the property is too far away to check out in person? Limit yourself to only local rental properties that you can actually physically check out first? Whether or not you can do that, here are safeguards:

  • Copy and paste the rental description into a search engine. If it shows up elsewhere consider it a scam. However…a smart crook will alter the wording so that this doesn’t happen!
  • Google the listed address and see if it matches up. Google any other information connected with the ad, such as the landlord’s name.
  • If you locate the property on another site that lists it for sale, the rental ad is a scam.
  • Request a copy of the owner’s driver’s license to verify property records at your county assessor’s office.
  • If you can’t physically visit the property, use an online map to get a full view, including aerial, to make sure it actually exists. But this doesn’t rule out scam. The property may exist alright, but the ad you’re interested in was not placed by the owner, who’s either not renting at all or might be selling the place.
  • Conduct all communication by phone.
  • Never wire transfer an upfront payment or pay via prepaid debit card—two red flags for a scam. Pay via credit card.

Honest landlords can be scammed, too. They should search the information of responders to their ads to see what comes up.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Credit Card Fraud isn’t the same as Identity Theft

Just as important as taking down the decorations, throwing out all the debris from opened gifts and getting the house back in order after the holiday activities, is that of scrutinizing your credit card statements.

2CWhy? To make sure that all the purchases on there were made by you and only you. The holiday season means more credit card use = more identity theft. In this case, it’s “account takeover.”

The crook gets your credit (or debit) card information in one of several ways: digging through trash to get credit card information; tampering with ATMs; hacking; and perhaps the thief is the person you gave the card to to pay for your restaurant meal.

Yet another way the thief could get you is to obtain a new credit card line—using your name, address and Social Security number. He maxes out his new card and doesn’t pay the bill. One day you get a call from a collection agency, along with knowledge that your credit has been ruined. This is called “new account fraud”

Account takeover can be discovered via unauthorized charges on your statements, or the thief’s spending habits may alert the company (via its anomaly detection software) to something suspicious, such as a lot of spending halfway across the globe one hour after you purchased something in your home town.

You have 60 days to report suspicious activity to save yourself from paying the unpaid bills. The zero liability policy protects you. The most you’ll pay out is $50. But if you delay reporting the fraudulent activity, you’re screwed.

Thus, you must make time to just sit down and look over every charge on your statements, even if this means that the only time you have to do it is when you’re on the toilet. But you DO have time. You have time to read someone’s drivel on Facebook or something about Duchess Kate’s hair…you certainly have time to read your card statements every month.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

8 Tips to Credit Card Security

Despite the fact that tens of millions of consumers were hit by the numerous big breaches, and tens of millions more by less sensationalized breaches, you can still take the reins and yield some protection for your credit cards.2C

  1. Make online payments with single-use or prepaid cards. What a great idea!
  2. If you have multiple recurring payments for ongoing services, use only one credit card for those.
  3. For shopping, use a one-time or prepaid card. Though the single-use credit card number is linked to your real card number, it will prevent the real number from becoming exposed should the site get hacked. Discover, Citibank and Bank of America offer single-use (disposable) card numbers.
  4. A prepaid card is different, in that it’s independent of your real card number. If the prepaid card gets stolen, you can replace it without this affecting your primary credit card account.
  5. If you have a debit card…don’t shop with it. Use it only to take funds out of a bank ATM. If a crook gets ahold of your debit card…the money will instantly be stolen from your bank account. If a thief gets your credit card, however, and makes unauthorized purchases, there’s a time lapse between when the purchases are made and when the money is actually withdrawn—enough time for you to file a dispute (if you regularly monitor your statements).
  6. Though you’ll get reimbursed for fraud that occurs with a debit card, this will happen after your bank account has been sucked dry. So avoid using a debit card at gas stations, casino machines and other such places where it’s easy for a crook to tamper with the card reader.
  7. Better yet, just limit its use to the bank ATM. Think of your debit card as an ATM card. This doesn’t mean that an ATM can’t be tampered with; be on the lookout for signs of tampering such as tiny cameras to capture PINs, or something odd about the card reader.
  8. Set up email or text notifications via your bank or credit card companies website to alert you to all charges. This way, whenever a charge comes in, you’ll know about it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Credit Card Fraud booming

Online credit card fraud is flourishing, according to the U.S. Retail Fraud Survey 2014. One of the reasons is because online sales are ever on the increase, currently accounting for 6 percent of total sales, says the report, the most extensive of its kind. The projection is that within three years, retailers will be getting 15 percent of their sales online.

2CThe survey was carried out between April and May of 2014, and dealt with primary research into the processes, systems and strategies that were used by 100 of the U.S.’s leading retailers, representing 126,000 stores in the U.S.

The loss prevention manager or director for each retailer went through a detailed interview. Also interviewed was the e-commerce manager or director (if the loss prevention leader wasn’t available) regarding their prevention tactics for online fraud.

The survey has a few changes this year. Only the retailers who participated can see the detailed results. Plus, the report has an anonymous portion to help with quality and availability of the most critical data. These tweaks will assist retailers with their war against fraud.

Online fraud is higher on everyone’s radar due to so many high profile hacks. In fact, the study indicates that spending on online fraud prevention has gone up by 50 percent. Though this is good news, it hardly crushes the reality that credit card fraud continues to demonize retailers, requiring detection, prevention and management.

Protect your data:

  • Maintaining updated operating systems, including critical security patches
  • Installing and running antivirus, antispyware and antiphising software and a firewall
  • Keeping browsers updated with the latest version
  • Updating all system software, including Java and Adobe
  • Locking down wireless Internet with encryption
  • Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
  • Utilizing filtering that controls who has access to what kind of data
  • Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
  • Possible disabling or removing USB ports to prevent the downloading of malicious data
  • Incorporating strict password policies
  • Encrypting files, folders and entire drives

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Prepaid Cards risk of Fraud

Somewhere out there is a dictionary that when you look up the term wire money, the definition says scam! Even though legitimate money-transfer businesses exist like Western Union, a request to wire money for that new car or vacation package is most probably a rip-off.

2CAnd the crooks behind these rackets are figuring out ways to overcome the increased awareness of consumers to the money-wiring scams. They’ve come up with yet another way to steal your money. Thieves are requesting reloadable prepaid cards.

Would you hand a well-fed-looking masked man on the street your wallet? (Let’s pretend for a moment he’s not pointing a gun at you and is simply asking for your money). Of course you wouldn’t give it to him.

But this is what people essentially do when wiring money or sending in the prepaid cards.

Here’s how it works: The thief makes a request to load your cash onto your card (to pay for whatever), and then send over the card number and PIN. This way, the crook can put your money onto their own cards. They then can go to an ATM and take out cash or spend your money at a store. Meanwhile you never receive the item you thought you were purchasing, like that adorable pedigree puppy you saw online.

But the scams don’t stop at buying puppies, vacation packages, cars or other common items. They can also come in the form of a notice that you won a prize, and that you need to send in a prepaid card to pay a processing fee. Sometimes the scam comes in the form of a utility company payment or even government payment.

Bottom line: Don’t send anyone prepaid cards!

In that same dictionary after the term prepaid cards is scam!

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.