The Credit Card Fraud Mob Boss

There once was a guy named Albert Gonzalez who dressed like a woman—but not because he got off on this, but because he wanted to conceal his actual appearance while he used a ream of phony cards to steal money from an ATM in 2003. A cop noticed the activity and didn’t quite buy the disguise.

2CThe police officer nabbed the thin, disheveled Gonzalez, and it turned out he possessed a computer at his New Jersey home loaded with stolen card data. He was also a moderator for Shadowcrew.com, a site for cybercriminals on how to hone their skills.

Gonzalez wasn’t arrested, but instead, the 22-year-old, who was unfortunately a drug addict at the time, was so smart at his craft that he was hired by the Secret Service. They even paid his living expenses. Over time he got off drugs and looked healthier and became clean shaven.

With his help, the Secret Service caught over a dozen Shadowcrew members. Gonzalez then moved to his hometown of Miami, at the urging of his superiors, in the name of evading revengeful Shadowcrew members who might suspect him of being the leak to the government.

Gonzalez became a paid informant for the Secret Service in 2006. He spoke at conferences and seminars and was seemingly living the life.

But while he aided the Secret Service, he led a criminal team that cracked into 180 million payment-card accounts of major corporate databases, among them being Target, JCPenney, OfficeMax and TJ Maxx.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” his chief prosecutor said. What a shame: A genius who used his talents to live a life of crime.

Gonzalez was sentenced to two consecutive 20-year terms, the longest for any U.S. cybercriminal.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

21 ways to Prepare your Credit Cards for Overseas Travel

Imagine being overseas, and in the process of using your credit card to make a purchase—and it’s declined—and you have no currency or checkbook. Nightmare.

2CThe decline could be to prevent fraudulent use; perhaps it was recently reported lost, but then found or the country you are in is known for fraud. To clear this up, you must call the card company and tell them that the purchase you want to make is legitimate.

Realize that the card issuer cannot allow more transactions until they verify that the attempted charge is valid.

Prior to travel as well as during, there are things you should do to minimize the problem of declined charges.

  1. Make sure your cell phone is set up for international use so you don’t miss a call from your card issuer.
  2. Make sure all your cards are signed.
  3. Before leaving, notify your card company that you’ll be traveling overseas; this way they can monitor your transactions.
  4. Before leaving, make sure your debit and gift cards are authorized for international use with merchants and ATMs.
  5. Bring with you the phone numbers for all of your cards. This includes non-800 numbers.
  6. Make sure you know whether or not your cards come with a foreign transaction fee.
  7. Have all the card numbers documented.
  8. Get a chip-and-pin card from your card company and bank. Chip and PIN is most prevalent outside the USA.
  9. See to it that your card won’t be overdrawn while you’re traveling. Consider any auto drafts that can inflate the balance.
  10. Have your PIN memorized.
  11. If you plan on cash advances from an ATM, makes sure to have a PIN enabled for your card.
  12. Don’t have the card company contact you by SMS text messaging if you don’t have an international data plan. Or just get a data plan. Make sure the company has a working cell phone number and e-mail address.
  13. Enable the feature, in your account settings, that yields an alert (e-mail or text) every time you pay with the card.
  14. Install your bank or credit card companies mobile app to alert you of any approval issues or potential fraud
  15. Don’t let a service person, like at a restaurant, leave your table with your card to swipe it. Go with them if needed. This may not always be possible.
  16. Always review your receipts against your card statements to make sure there are no duplicate charges.
  17. Check your accounts online when you travel to reconcile all account activity. Do this from a device you have control over opposed to a hotel or business center PC.
  18. If your billing ZIP code is required, make sure you carefully punch it into the keypad. If more than one invalid entry is made, the card can be disabled.
  19. If someone calls and tells you that your card has been suspended due to fraud, and they ask for your credit card number, address or SSN, consider this a scam. The card issuer will not likely want personal information, and instead will want you to confirm past transactions.
  20. Whenever using free public WiFi have Hotspot Shield installed on your wireless device to prevent data snooping and encrypt your wireless data.
  21. A fraud-hold on your card cannot be cleared until you contact the card company or bank to straighten things out. Make sure you know what the phone dialing patterns are for the country you plan on visiting—before you embark on the travel.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

8 Tips to Credit Card Security

Despite the fact that tens of millions of consumers were hit by the numerous big breaches, and tens of millions more by less sensationalized breaches, you can still take the reins and yield some protection for your credit cards.2C

  1. Make online payments with single-use or prepaid cards. What a great idea!
  2. If you have multiple recurring payments for ongoing services, use only one credit card for those.
  3. For shopping, use a one-time or prepaid card. Though the single-use credit card number is linked to your real card number, it will prevent the real number from becoming exposed should the site get hacked. Discover, Citibank and Bank of America offer single-use (disposable) card numbers.
  4. A prepaid card is different, in that it’s independent of your real card number. If the prepaid card gets stolen, you can replace it without this affecting your primary credit card account.
  5. If you have a debit card…don’t shop with it. Use it only to take funds out of a bank ATM. If a crook gets ahold of your debit card…the money will instantly be stolen from your bank account. If a thief gets your credit card, however, and makes unauthorized purchases, there’s a time lapse between when the purchases are made and when the money is actually withdrawn—enough time for you to file a dispute (if you regularly monitor your statements).
  6. Though you’ll get reimbursed for fraud that occurs with a debit card, this will happen after your bank account has been sucked dry. So avoid using a debit card at gas stations, casino machines and other such places where it’s easy for a crook to tamper with the card reader.
  7. Better yet, just limit its use to the bank ATM. Think of your debit card as an ATM card. This doesn’t mean that an ATM can’t be tampered with; be on the lookout for signs of tampering such as tiny cameras to capture PINs, or something odd about the card reader.
  8. Set up email or text notifications via your bank or credit card companies website to alert you to all charges. This way, whenever a charge comes in, you’ll know about it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Stolen Business Debit Cards at Greater Risk

WE DO NOT SELL DUMPS. DO NOT EMAIL OR CALL US.

WE DO NOT SELL DUMPS

A debit card from your business, in the virtual hands of a thief, spells a mountain of trouble. The thief can generate a duplicate of your business debit card, then splurge. A “cloned” card can be swiped in a card reader, appearing legitimate.

2CBanks are not legally required to reimburse a business’s stolen money from the fraudulent debit card purchases. Nevertheless, some institutions do reimburse, but that’s only after the business owner can prove theft.

Banks are reluctant to believe businesses claiming victimship. A business may spend months, even years, using lawyers, trying to convince a bank of the crime.

Tips from creditcardguide.com for preventing business debit card fraud and getting faster reimbursement:

For purchases, use your business credit card. If theft occurs, the card company will immediately remove the fraudulent charges—and then pursue the matter.

Use the business debit card strictly for a withdrawal or a deposit. The card should be sans the MasterCard or Visa logo; it’s for deposits and withdrawals only. If you make a purchase with it on a tampered-with card reader, the thief could use your data to make purchases—that’s instant cash out of your account.

Keep tabs on your account daily; weekly at a minimum, even if your bank promises “anomaly detection” in your purchases.

Set up apps in mobile devices to allow account holders to check activity daily.

Use multi-layered protection. Set up spending limits, set up text/email alerts.

Suspicious events, such as exceeding a specified dollar amount in a purchase, should be alerted via e-mail or text.

Implement limited access by employees to your business’s cards.

Get to know your banker or credit union. Having to convince a bank that your money was stolen will be easier if you have a pre-established relationship with the institution. Does your financial institution know you? Or are you merely one of a million customers? Don’t be just another face in the crowd to your bank or credit union; it might someday save your can.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

13 ways Protect your Credit Cards from Fraud

Here are a number of ways you can protect your credit cards from fraud.

2C1. Keep a sharp eye on your credit card accounts. Read through the purchases for every monthly statement to see if any unfamiliar or odd items show up. Don’t just skip past small purchases; a charge for $9.95 could still be fraudulent. A crook knows you’re less likely to pay attention to small numbers. Consider checking your statements online weekly or even better, download your banks mobile app and check them daily.

2. Immediately contact your bank. By law, credit card companies have to give you 60 days to refute unauthorized charges. And with “zero liability policies”  fraudulent charges are often squashed as long as a year later. However the sooner you contact the bank upon suspecting fraudulent activity, the more likely the credit card issuer will reverse the fraudulent charges. The compromised account should be closed and a new card and account issued and opened, respectively.

3. Credit card monitoring services. These are free or fee based and often included in identity theft protection services and will keep an eye on your credit score as well as inquiries for new credit, and balance charges.

4. Implement activity alerts. Your accounts should have these; the alerts can come via e-mail or text for various card related activity, such as based on amount or frequency. You can text messages for every card present (in person) and card not present (online) transaction.

5. Go virtual. If your bank offers it, use a virtual credit card number online. These are card numbers that change every time you use them.

6. Skimming awareness. Credit card skimming is when a thief sabotages the card reader (such as an ATM’s), allowing him to get your card’s data. Look for signs of tampering like loose parts on the keypad or a camera looking down on the console. Conceal the keypad with your other hand when you enter your PIN. A skimmer can also use a handheld device and skim your card right in his hand. Be very careful whom you give your card to for a purchase.

7. Don’t save. That is, your credit card information with an online merchant. Instead, manually enter it every time you shop. The hassle of this means more security.

8. Financial tracking apps. These are free and can alert the cardholder to odd activity, such as an unusually large purchase. I like Mint by Intuit. BillGuard is great too.

9. Be alert. In addition to unauthorized charges showing on your card’s statement, be on the lookout for strange bank account withdrawals, collection notices for debts you’ve never heard of, being rejected for credit applications, among other red flags.

10. Shop securely on Wi-Fi. Use an encrypting software such as Hotspot Shield VPN. VPN is virtual private network and will prevent snoops and crooks from spying on your online activities.

11. Use reputable sites. Make purchases only from reputable sites you’ve already shopped at or otherwise trustworthy sites like eBay (check sellers ratings) and Amazon.

12. Updates. Set your computer’s or device’s critical security patches to automatically update; these patches help correct newly-discovered vulnerabilities. And speaking of updates, make sure you update your antivirus and your browser to the latest version, to correct vulnerabilities.

13. HTTPS.  The HTTPS at the beginning of the browser before the URL, means that the site is secure. Never input your credit card number on a site that does not have the HTTPS in the URL field. The HTTPS means there’s encryption on that particular page.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

Credit Card Theft increasing for Banks and Retailers

2013 was the year of 740 million records involving data breaches. And that number may be erring quite on the conservative side, according to the Online Trust Alliance. The records come from a list on the Privacy Rights Clearinghouse Chronology Data Base.

2CThe list is that of publically disclosed breaches, including the alleged 110 million that struck the big retailer December 13. Many of the listed breaches are of a non-descript number.

The more electronically connected everything becomes, the greater the potential for data breaches—it’s almost as though all this advancement in online data storage and transmission is setting us backwards.

Cybercriminals are good at keeping pace with the progression of online security tactics, matching every leap and bound. This is why organizations must put security and data protection at the top of their priorities and be ready to handle a major breach.

Unfortunately, no one-size-fits-all defense against cyber-fraudsters exists. Nevertheless, there do exist best practices that can optimize a company’s protection against cybercrime.

Let’s take a look at some highlights of the data breaches of 2013.

  • Though that conservative 740 million records was disclosed, 89 percent of the breaches and loss of data incidents could have been thwarted.
  • 76 percent of breaches were due to stolen or weak account credentials.
  • In 2013 alone, 40 percent of the top breaches were recorded.
  • Insider mistakes or threats accounted for 31 percent of insiders.
  • Social engineering was responsible for 29 percent of breaches.
  • Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents.

The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, factors and solutions that will fire up data protection tactics and bring about a development of strategies for managing a data breach incident.

Smart businesses think proactively:

Smart businesses are investing in their client’s security. Consumers want to know they are being protected before, during and after a transaction.

10 Credit Score Truths and Myths

If your personal information gets compromised, a thief will open up financial accounts in your name. However, they will not pay the bills, and this will ruin your credit.

2CWhether bad credit results from the legitimate credit holder’s irresponsibility or from identity theft, your ability to buy a car, rent a nice place, purchase a home or even get employment can be severely stifled.

1. Credit reports aren’t always accurate. Most have a big error or mistake: 80 percent, actually. Regularly check your credit report.

2. Pulling your credit score will lower it. A “soft” pull is done yourself for personal reasons; it will have zero effect. A “hard inquiry” is when a lender pulls it up for loan approval. It will have a negative impact, but small.

3. A higher income = higher credit score. Income is not relevant to credit score; paying bills on time (or not) is what matters.

4. Credit scores and credit reports are the same. The three big credit reports are Equifax, Experian and Transunion. But there are too many various calculations of credit score to even list here. What matters is your credit managing skills and making sure all 3 large credit bureaus have similar information and scores.

5. Debt settlement removes debt from your credit report. But debt settlement doesn’t fix bad credit. Late payments, bad information and other smears remain for up to seven years following the first “infraction” date.

6. Cash-only payments will improve credit score. You can’t build good credit unless you use credit—and wisely. Get a couple small loans or credit cards and pay them off as you use them.

7. Improve your credit score by closing your credit card accounts. Closing a card lowers your amount of disposable income: the ability to pay off other debt. You don’t want to lower “credit utilization” by closing out a card.

8. Smart management of your various banking accounts will reflect in your credit score. These are not reported to credit bureaus and thus have no impact.

9. Dispute accurate (but negative) information to remove it from your credit report. You can dispute only mistakes. A valid dispute will result in deletion of inaccurate information. A dispute of negative, but accurate, information will achieve nothing.

10. Missed payments that aren’t reported to credit bureaus won’t affect credit score. Any missed or late payment can be reported to a credit bureau.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Debit Cards: Signature or PIN, what’s What?

What kind of debit card do you have? The two types are direct debit cards and deferred debit cards.
2C
Direct debit

  • Use of a PIN (personal identification number), which the bank issues or you choose. Card purchases require entering the PIN, and money is taken out of your checking account on the spot.
  • PIN-based transactions cost retailers less to process, and many banks pass the transaction fee onto the cardholder.
  • Bank fees range from 25 cents to $1.50 per every PIN direct debit purchase. Not all banks blatantly notify the consumer of this, but this should be visible on the checking account statement.
  • Usually safer than the deferred version, as a thief needs to know the PIN to use the card. For obvious reasons, direct debit cards are safer for online use than are deferred debit cards.
  • Cannot be overdrafted unless you opt into overdrafting at the time of account creation.

Deferred debit

Think of a fusion between a traditional credit card and a direct debit card. Rather than on the spot of a purchase, money is withdrawn from your checking account within two or three days of the purchase.

  • No PIN required; only the signature of the cardholder.
  • Has potential for an overdraft, resulting in a fee. The purchase will get cleared even if you don’t have sufficient funds in your account.
  • The overdraft fee could be $30 or more.
  • Tend not to have any transaction fee.

Both of these cards provide a degree of protection for the consumer. With each it is essential the consumer checks their statements frequently as federal law requires banks to refund stolen funds when reported in less than 3 days and up to 60 days depending on the nature of the card.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247.

7 Tips To Better Credit Card Security

Every time you use a credit card, you increase the chances of that card number being used fraudulently. Cards can be skimmed and hacked in a number of different ways.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see  your card swiped through an additional reader that doesn’t coincide with the transaction the card number may have been stolen.

#2 Cover your PIN. There may be cameras or “shoulder surfers” recording your PIN at an ATM or point of sale terminal. Cover up the keypad to foil the bad guys’ plan.

#3 Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good.

#4 Select online shopping websites carefully. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#5 Beware of phishing. Never purchase products or services by responding to an email. This generally results in your card number being phished.

#6 Use secure sites. Before entering a credit card number, always look for “https” in the address bar. The “s” in “https” means the site has an additional layer of protection that encrypts the card number.

#7 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient, and even once every two weeks is okay. Just be sure to refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit card fraud on NBC Boston. Disclosures



Giving Your Credit Card to a Hotel? Watch Your Statements.

Personally, I don’t particularly enjoy staying in hotels. Sure, after a long day of travel, the hotel is a relief, but in most cases, I’d much rather sleep in my own bed. Criminal hackers, on the other hand, love hotels.

According to a recent study, 38% of all credit card breaches occur in hotels. Despite several high profile breaches that recently affected payment processors and banks, the financial services industry only accounts for 19% of breaches. Retailers came in third at 14%, and restaurants fourth at 13%.

Over the past five years or so, I’ve noticed a trend in which criminals go after the most likely targets, and those victims beef up their defenses in response. So the bad guys move on to the next most likely target – one that hasn’t learned from others’ mistakes.

Hotels are easy targets because they are all credit card-based. It is possible to reserve a room without providing a credit card number, but they don’t make it easy. And hotels themselves certainly aren’t fortresses designed to keep bad guys out. They’re designed to be open and inviting, with, at best, a bellman whose focus is assisting guests rather than guarding the front door. Maybe that mentality exists in hotels’ IT security departments, too.

The root of the issue is the hotel industry’s insufficient security measures to prevent data breaches. Many rely on older point of sale terminals and outdated operating systems, which are more vulnerable to hackers. When the recession hit, many hotels cut back and decided to hold off on upgrades. While their defenses were down, hackers slithered into their networks to steal guests’ personal financial data. Once thieves have accessed this data, they can clone cards with the stolen numbers and use them to make unauthorized charges.

As a consumer, your only recourse is to pay close attention to every single penny charged to your credit card, and dispute any fraudulent or incorrect transactions, no matter how small. Check your statements frequently and be sure to dispute all unauthorized charges within two billing cycles, or 60 days.

Canada and Mexico have adopted smart cards, which use “chip and PIN” technology, making the credit card data useless to potential identity thieves. Eventually we may see the adoption of smart cards in the U.S., which would put an end to this madness.

Robert Siciliano, personal security adviser to Just Ask Gemalto, discusses hackers hacking hotels on CNBC. (Disclosures)