How to Protect You Frequent Flier Miles NOW

Social Security numbers and credit card numbers are not the only types of data that hackers are after. Now, they are looking at frequent flyer accounts, and they are stealing reward miles, and then selling them online.

How do Hackers Steal Frequent Flyer Miles?

As with other types of ID theft, hackers use info that they have illegally obtained to access frequent flyer accounts. With more data breaches happening than ever before, hundreds of millions of records are exposed, and thus, hackers have great access to the personal info they need to get into these accounts.

What do Hackers Do with Frequent Flyer Miles?

It is hard for hackers to use these miles on their own because often, the travel has to be booked in the name of the owner. However, it is very easy to transfer these miles to other accounts or to use the miles to purchase other rewards. Usually, no ID is needed for a transfer like this. This is also difficult to track because hackers use the dark web and VPNs to remain anonymous.

Hackers also sell these miles, and they catch a pretty penny. For airlines like British Airways, Virgin Atlantic, and Delta, they can get hundreds, or even thousands of dollars for their work.

In addition to transferring these miles from one account to another, hackers are also selling the account’s login information. Once someone buys this, they can now get into the owner’s account and do what they want with the miles.

Protecting Your Frequent Flyer Miles

There are some things that you can do to protect your frequent flyer miles. You should check your frequent flyer accounts regularly using your airlines mobile app. Change all your airline passwords and never re-use passwords and set up a different password for each account.

Other things that you can do include the following:

  • Protect your personal information by making sure every online account has a unique and difficult to guess password.
  • Use a dark web scan. This will show you if any personal information is out on the dark web.
  • If you do find that your miles have been stolen, it also is probable that your personal information has been compromised, too. Monitor your credit report and check it often for anything that looks odd. This is a big sign of an issue.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

The Switch to the Chip Card – One Year Later

The October anniversary of the liability shift has passed, and anniversaries are an excellent time to look back on progress…this is no exception. The U.S. EMV migration plan was set four years ago as a way to fight card fraud and to protect both consumers and merchants.

the-shift-to-chip-infographic-11-1-2016Back in the day, we had one choice when we wanted to purchase something, and that was cold, hard cash. However, a few decades ago, people began using credit cards for everyday purchases instead of for only big ticket items, such as refrigerators. Though this was certainly convenient, it also opened the door for the bad guys to not only access your credit card information, they could use this information to make purchases and even to learn more about you and steal your identity. Over the past couple of years, once again, we in the U.S. are changing things up when it comes to how we use credit and debit cards. Our new cards, the ‘chip cards,’ as in use in most other places in the world, are making it safer than ever before to make purchases.

Love ‘em or hate ‘em, these new chip cards and terminals are working to eliminate card fraud, and they are working very well. The way we pay in the U.S. needed a huge overhaul, and this security upgrade was an attempt to make things safer. Data and research confirms that this new technology has had a great impact on reducing card fraud.

Don’t get me wrong. This transformation has not been without a few headaches for merchants and consumers but believe me…things are improving, and they will continue to improve as businesses complete their shift to the chip. How much? Mastercard fraud data indicates that there was a 54 percent decrease associated with counterfeit fraud when comparing data from April 2016 to April 2015.

We Have a Strong Start, But There is Still Work to be Done

When considering everything, the U.S. is off to a solid start, but we still have work to do. When looking at the more than 150 world markets that use chips in cards, we know that more chip transactions must be done before we can see a significant drop in fraud. To do this, we will need about 60 percent of chip terminals interacting with a minimum of 60 percent of chip cards in market. If you have one or have seen chip cards, you likely know that we have gone well beyond that 60 percent mark on cards, but only about 30 percent of store terminals are set up to accept chips.

Another thing that we need to do is continue to speed up the certification process for merchants. The faster we can get chip terminals in stores, the faster we will see these card fraud levels drop.

We also need to increase the speed of which these transactions occur. If you have used a chip terminal, you know that it feels like a slower process than the ‘swipe’ we are used to. The payments industry is hard at work to address this issue, and new technologies are being created to speed up transaction times when using these payment methods. Remember, even though the process feels a bit slower right now, you are significantly safer when using a chip card.

Ultimately, if we can have a little bit of patience with the process and endure these short-term issues, we will all greatly benefit when it comes to payment security. We are already moving in the right direction, and if we keep adding terminals and encouraging the use of chip cards, we will definitely see even more improvement when we compare with next year. Before you know it, most forms of card fraud will be all but gone thanks to the switch to the chip.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Carders cashing out on Magstrip Cards

Two thousand credit card payment terminals stand to become infected with malware called Trinity point of sales.

2CTen million credit cards were stolen by hackers, called Fin6, who may end up scoring $400 million. The cards were stolen from retail and hospitality businesses. If each card sells for $21 on secret carder shops, you can see how the hackers will rake in hundreds of millions of dollars.

As you may know, the U.S. is gradually switching over to chip cards. But it will be a while—a very long while—before magnetic strip cards are non-existent in America. Until then, these types of cards remain a favorite target for cyber thieves.

The methods that Fin6 used are technical, but suffice it to say, these hackers are pros. At this point, there has not been any way to stop this hacking group.

This is yet another example of the inherent vulnerability of the magnetic strip card, which, unlike in other industrialized nations, continues to be the main type of credit card in use in the U.S.

Protect yourself:

  • Go to “alerts/notifications” at your bank/cards website and sign up for emails/texts for every charge made.
  • Download your bank/cards mobile app and sign up for emails/texts for every charge made.
  • Check your statements frequently.
  • Federal law protects you from unauthorized charges made with your credit card number but you still have to dispute the charges.
  • In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a “zero liability” policy may kick in.
  • Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side.
  • Beyond 60 days, there’s likelihood you’ll never see your money again.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Never put these Docs in your Wallet

Yes, believe it or not, you CAN get by in life with a wallet that just has a little cash, a store card or two, one to two credit cards and your ID.  Unless you absolutely need your insurance card or Social Security card, leave those items at home.

1DFor years now, wallets have been on the market that you can stuff everything into, save for the kitchen sink. This doesn’t mean you must carry a ridiculous bulging wallet everywhere you go.

Now you may not mind having to dig through your wallet for five minutes to retrieve things because there’s so much stuff in there, but do you know who actually would enjoy this?

A crook who specializes in identity theft. With just your Social Security card (come on already, just memorize the number), a crook could open up credit lines in your name and make your life a nightmare.

Now you may think it doesn’t matter because your wallet will never be lost or stolen. Everyone must lose their wallet at some point in their lives? But what if you’re in an accident? What if you’re jumped on the street? What if someone brazenly approaches you, grabs the wallet out of your hands and runs?

If my wallet is lost or stolen I won’t care because there’s nothing in my wallet that the thief could easily use to steal my identity, nor is there anything I couldn’t easily name or easily replace.

Keep the following items out of your wallet:

  • Anything with your Social Security number; again, just memorize it already.
  • Home address
  • Keys
  • PINs and passwords (if you need an assortment of these to function while away from home, use an encrypted app—assuming you have a smartphone).
  • Checks
  • Credit cards you won’t be using on any given day you’re out in the community (though one emergency credit card at all times is a smart move).
  • Birth certificate
  • Credit card receipts
  • Medical cards unless you are going to the doctor
  • Store cards unless you are going to that store

Make photo copies of all docs in your wallet and upload them to your secure email account. Consider an app like “Key Ring” and enter the cards into your mobile device. Put ALL your loyalty cards there and copies of most cards you might need in a pinch.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

20 Security Tips For Overseas Travelers With Credit Cards

Thinking of bringing a credit card with you on your travels? You can end up in a jam: You just treated your extended family to fine dining in France. Time to pay; your credit card is declined.

2CIf you try to make a purchase overseas, your credit card company might think it’s fraudulent, since it would appear anomalous, relative to your usual, U.S. purchases.

So before you leave for your trip:

  • Back up credit card data. It’s always important to have a backup of your card data, both online and in print. Photocopy each card and carry with you or store in your luggage. The Carbonite mobile app lets you access your backed-up data from anywhere in the world.
  • Review your auto drafts and consider these when traveling to avoid maxing out the card.
  • All your cards should be signed.
  • Get a “data plan” and make sure your credit card company’s e-mail and phone numbers actually work.
  • See if your company will issue you a chip-n-pin card, since this technology is widespread in foreign countries.
  • Memorize the PIN and make sure it’s enabled for foreign ATM withdrawals.
  • Install the credit card company’s mobile application so that you can be alerted to any suspicious issues.
  • Gift cards and debit cards should be authorized for international use.
  • Set your phone up for international use.
  • Activate the feature in your card account that alerts you every time the card is used.
  • Alert the credit card company when you’ll be overseas so they can monitor your purchases.
  • Store the company’s 800 and non-800 numbers in your phone.
  • Also make sure you have their e-mail address.
  • The card(s) numbers should be documented in hardcopy.
  • Find out if the card has a foreign transaction fee.
  • Know the to-be-visited country’s phone dialing patterns.

While on your trip:

  • Never give anybody your card for a purchase unless you can see everything they’re doing.
  • At ATMs, carefully punch in the keypad numbers; you may not get too many chances to get the PIN correct.
  • Save all receipts and inspect them. Use your computer or phone and secure Wi-Fi to monitor your account online. This can be done with Hotspot Shield, which will encrypt all transmissions.

Know that your card company will never request highly personal information such as your Social Security number. If anyone contacts you with such requests, it’s a scam.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Credit Card vs. Debit Card Fraud

One difference between a credit card and a debit card is that if there’s an unauthorized charge on your credit card, you just get a little sting. It’s a hassle to straighten out. But no money is taken from you.

2CBut if someone gets ahold of your debit card information, the second they use it, depending on the nature of the transaction, your bank account will be drained. And in some cases, you can kiss that money goodbye; you got scorched. More than ever, crooks are using others’ debit card data and sucking dry their bank accounts via ATMs—in an instant.

An article on blogs.wsj.com outlines the differences between a credit card and a debit card:

  • Federal law protects you from unauthorized charges made with your credit card number rather than with the actual card.
  • In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a “zero liability” policy may kick in.
  • Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side.
  • Beyond 60 days, there’s likelihood you’ll never see your money again.

How does the thief get one’s card information in the first place?

  • The thief places a “skimmer” in the swiping device of an ATM or other location such as a gas pump or even the swiping device at a checkout counter. The skimmer snatches card data when the card is swiped.
  • The thief returns at some point and retrieves the skimmer, then makes a fake card.
  • Thieves may capture PINs with hidden cameras focused on the ATMs keys. So when entering PINs, conceal the activity with your free hand.
  • A business employee, to whom you give your card to purchase something, may be the thief. He disappears from your sight with your card to swipe it at some unseen location. While away from you, he skims the data.
  • The thief sends out mass e-mails designed to look like they’re from the recipient’s bank, the IRS or retailers. The message lures the recipient into clicking a link inside the e-mail.
  • The link takes them to a site set up by the thief, further luring the victim into typing in their card’s information.
  • The thief calls the victim, pretending to be the IRS or some big outfit, and lures the recipient into giving out card information.

It’s obvious, then, there are many things that can go wrong. Your best solution is to pay close attention to your statements, online or via a mobile app, frequently.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

How to build up or rebuild your Credit

After taking all the necessary steps to Fixing a Credit Report after being hacked, it is then tome to rebuild your credit. Bad credit is bad credit no matter how it happens. No matter how responsible you are with your money, you won’t get a loan if there’s no evidence of this. The evidence comes from having credit. You need to show lenders you can be trusted.12D

  • Every time you apply for a credit card, this puts a dent in your credit score. In other words, it can negatively affect your scores especially if there are lots of credit checks in a short period of time. So apply with a lot of discretion; do you really need that extra charge card? Or is it worth it to continually cancel accounts and open new accounts while playing the interest/points game?
  • Get a major credit card. A charge card is an opportunity to show that you will pay back, on time, money that you “borrowed.” A debit card for this purpose is meaningless because it withdraws money from your account on the spot.
  • An option is a type of credit card that requires a security deposit. Payment of your bills will not come from this security deposit. But it looks good to a potential lender, making you seem more trustworthy.
  • Charge things like gas, food and other items, and/or put a monthly bill on the card for automatic payments such as your cable bill, then pay the card on time every single time—ideally the entire balance. This will create a record of your trustworthiness.
  • Charge no more than 50 percent of the card’s limit in any given month, even if you CAN pay the whole thing off every month. Exceeding 50 percent, some say, can adversely affect your credit score.
  • A rule of thumb is to charge only what you’d be able to pay in cold cash every month. Just because your card has a $5,000 limit doesn’t mean you should rack up $4,500 worth of purchases in one billing cycle.
  • Use the card every month; don’t let it go dormant, as this is not impressive to a lender. If you’re having a tough time remembering to charge things like new shoes, food, drug store items, etc., then set it up for automatic draft of a monthly service.
  • Even ONE late payment will screw things up. Remember, charge only what you’d be able to pay for in cash each month. If you can’t, don’t charge it.
  • If YOU check your credit report any time; it won’t dent your credit score. When lots of creditors check your credit, that can affect your scores.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Card Company’s boosting Payment Security with Mobile

Whoever thought that one day, paying with green paper would be viewed as primitive as a horse and buggy? We seem to be getting closer to that time, especially since the security of making payments via smartphone is always being improved.

5WOne way is with fingerprint scanning. Some smartphones already have this biometric feature. But what about credit cards and biometrics? Visa is currently experimenting with biometrics, but nothing yet has been deployed to the public. Nevertheless, a credit card company trying to develop something with biometrics will likely need to get involved in the smartphone arena.

There will always be the consumers who want to stick to the old-fashioned method of using cash, just like there are always those strange people who insist on buying the kind of stamps that you must lick (or wet with tissue paper) rather than the self-stick ones. But hopefully, credit card companies will cater to both kinds of people amking the new technology stupid simple.

If the credit card companies come out with biometrics tied into the mobile device, it will likely be a fingerprint scanner vs. face or voice recognition, but the fingerprint password will be sufficient security after long term testing.

New technology is never carved in stone, but let’s at least get it out there and see how it works. Let’s see how new technology like biometrics in a mobile (like Apple pay) can combat credit card fraud.

In the meantime, card companies and consumers (and banks) must continue to wrestle with the rampant crimes involving credit cards. Recently, MasterCard teamed with Syniverse, a mobile technology company, with the goal of stifling fraudulent use of credit cards.

MasterCard’s approach relies upon the smartphone geolocator. The company’s plan enables the card to be used only if it’s within a certain range of the owner’s smartphone. Though at first, this sounds fool-proof, it has a flaw: What if the thief is within that range? Obviously, if the card is swiped a thousand miles away from the holder’s mobile device, the thief will fail. This new technology hinges upon the thief being outside that range.

A perk of this new technology is that it eliminates the hassle of the holder having to notify the company that they’re traveling so that transactions won’t be declined—because the transaction will occur near the holder’s smartphone—unless a thief makes off with the smartphone and just happens to get out of range.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Credit Card Fraud Mob Boss

There once was a guy named Albert Gonzalez who dressed like a woman—but not because he got off on this, but because he wanted to conceal his actual appearance while he used a ream of phony cards to steal money from an ATM in 2003. A cop noticed the activity and didn’t quite buy the disguise.

2CThe police officer nabbed the thin, disheveled Gonzalez, and it turned out he possessed a computer at his New Jersey home loaded with stolen card data. He was also a moderator for Shadowcrew.com, a site for cybercriminals on how to hone their skills.

Gonzalez wasn’t arrested, but instead, the 22-year-old, who was unfortunately a drug addict at the time, was so smart at his craft that he was hired by the Secret Service. They even paid his living expenses. Over time he got off drugs and looked healthier and became clean shaven.

With his help, the Secret Service caught over a dozen Shadowcrew members. Gonzalez then moved to his hometown of Miami, at the urging of his superiors, in the name of evading revengeful Shadowcrew members who might suspect him of being the leak to the government.

Gonzalez became a paid informant for the Secret Service in 2006. He spoke at conferences and seminars and was seemingly living the life.

But while he aided the Secret Service, he led a criminal team that cracked into 180 million payment-card accounts of major corporate databases, among them being Target, JCPenney, OfficeMax and TJ Maxx.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” his chief prosecutor said. What a shame: A genius who used his talents to live a life of crime.

Gonzalez was sentenced to two consecutive 20-year terms, the longest for any U.S. cybercriminal.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

21 ways to Prepare your Credit Cards for Overseas Travel

Imagine being overseas, and in the process of using your credit card to make a purchase—and it’s declined—and you have no currency or checkbook. Nightmare.

2CThe decline could be to prevent fraudulent use; perhaps it was recently reported lost, but then found or the country you are in is known for fraud. To clear this up, you must call the card company and tell them that the purchase you want to make is legitimate.

Realize that the card issuer cannot allow more transactions until they verify that the attempted charge is valid.

Prior to travel as well as during, there are things you should do to minimize the problem of declined charges.

  1. Make sure your cell phone is set up for international use so you don’t miss a call from your card issuer.
  2. Make sure all your cards are signed.
  3. Before leaving, notify your card company that you’ll be traveling overseas; this way they can monitor your transactions.
  4. Before leaving, make sure your debit and gift cards are authorized for international use with merchants and ATMs.
  5. Bring with you the phone numbers for all of your cards. This includes non-800 numbers.
  6. Make sure you know whether or not your cards come with a foreign transaction fee.
  7. Have all the card numbers documented.
  8. Get a chip-and-pin card from your card company and bank. Chip and PIN is most prevalent outside the USA.
  9. See to it that your card won’t be overdrawn while you’re traveling. Consider any auto drafts that can inflate the balance.
  10. Have your PIN memorized.
  11. If you plan on cash advances from an ATM, makes sure to have a PIN enabled for your card.
  12. Don’t have the card company contact you by SMS text messaging if you don’t have an international data plan. Or just get a data plan. Make sure the company has a working cell phone number and e-mail address.
  13. Enable the feature, in your account settings, that yields an alert (e-mail or text) every time you pay with the card.
  14. Install your bank or credit card companies mobile app to alert you of any approval issues or potential fraud
  15. Don’t let a service person, like at a restaurant, leave your table with your card to swipe it. Go with them if needed. This may not always be possible.
  16. Always review your receipts against your card statements to make sure there are no duplicate charges.
  17. Check your accounts online when you travel to reconcile all account activity. Do this from a device you have control over opposed to a hotel or business center PC.
  18. If your billing ZIP code is required, make sure you carefully punch it into the keypad. If more than one invalid entry is made, the card can be disabled.
  19. If someone calls and tells you that your card has been suspended due to fraud, and they ask for your credit card number, address or SSN, consider this a scam. The card issuer will not likely want personal information, and instead will want you to confirm past transactions.
  20. Whenever using free public WiFi have Hotspot Shield installed on your wireless device to prevent data snooping and encrypt your wireless data.
  21. A fraud-hold on your card cannot be cleared until you contact the card company or bank to straighten things out. Make sure you know what the phone dialing patterns are for the country you plan on visiting—before you embark on the travel.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.