Banks and Credit Card Issuers Move Toward Chip and PIN

EMV, which stands for Europay, MasterCard, and Visa, refers to the chip and PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals.

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Visa recently announced plans to expand their Technology Innovation Program to the U.S., which will encourage retailers to support cards with microchips by “[eliminating] the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75% of the merchant’s Visa transactions originate from chip-enabled terminals.” This will go into effect October 1, 2012 for merchants whose point-of-sale terminals accept both contact and contactless chips.

Meanwhile, Citi has announced the launch of its own Citi Corporate Chip and PIN card, which is designed for U.S. cardholders who travel abroad. Bank of America has made a similar announcement of its expanded credit card technology aimed at international travelers. And Wells Fargo is already testing EMV cards in the United States, with its Visa Smart Card, which includes the traditional magnetic stripe as well as a microprocessor chip, in order to make the cards flexible and useable around the world. Wells Fargo’s pilot program includes 15,000 customers who travel regularly.

With all these major players making significant strides to embrace EMV chip technology, it’s only a matter of time before full adoption becomes inevitable.

Consumers would be smart to take advantage of any pilot program available to them. EMV chip and PIN technology is more secure, and it also works better internationally than the old-school magnetic stripe.

For more information on the benefits of EMV chip technology and to show your support, visit www.GetFluentC.com, from JustAskGemalto, to let your voice be heard and share your stories.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

 

Should You Store Passwords In The Cloud?

It seems that almost every site on the web requires a password. At least twice a week, I get an email from someone who wants me to join yet another network, which requires yet another username and password. You can cop out and use the same username and password combination, but that’s just asking for trouble.

The key to surviving password management going forward is to make a small investment in a password management service that stores your passwords in the cloud and also on your computer. The best thing about a password manager is that you ultimately have just the one master password to remember, which gets you access to all the different passwords for each site.

What to look for:

  • A password generator tool that makes strong passwords that cannot be cracked, and that you never really need to remember, because they are all stored in the password manager.
  • One that works across multiple browsers and can sync multiple PCs.
  • Smartphone application syncing with the cloud.
  • Security of password managers is pretty much a nonissue at this point, since most have levels of encryption that can’t be easily cracked.

The real security vulnerability is with your own computer and any existing or future malware that can log your keystrokes or take screenshots. Run virus scans and the most updated version of your antivirus software to prevent any infections.

Another layer of protection is to add your computer’s built-in onscreen keyboard to your task bar and use it to enter your master password.

Cloud-based password managers:

RoboForm is my favorite. It’s $9.95 for the first year and $19.95 every year after that.

Install RoboForm on as many computers and mobile devices as you wish, all with the same license. Seamlessly keep your passwords and other data in sync. Always have a backup copy of your passwords and other information. It’s also extremely secure and easy to use.

Keepass is free. This is a free open-source password manager, which helps to securely manage your passwords. You can store all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). For more information, see their features page.

For $39.35, 1Password can create strong, unique passwords, remember them, and restore them, all directly in your web browser.

LastPass is another good free option.

Using a password management tool like those listed above is easier: never forget a password again and log into your sites with a single mouse click.

It’s everywhere: the program automatically synchronizes your password data, so you can access it from anywhere at any time.

It’s safer: protect yourself from phishing scams, online fraud, and malware.

It’s secure: all of your data is encrypted locally on your PC, so only you can unlock it.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

 

Top Six Free Cloud Storage Centers

“Free” is one of my favorite words, so when I have the option to get something for free, I will allocate a reasonable amount of time figuring out how I can apply that to my life before I determine if I should adopt it, or if it’s worth the extra few bucks for the paid version, or if it isn’t worth my time at all.

Backing up data is as important as securing your data, so I back up in multiple places, some of which are free and some that charge a fee.

Here are the freebies:

Google: For Windows, Mac, iOS. Up to 10 GB free space. Designed to store documents in Google Docs, photos in Picasa. Google storage is scattered. It’s only effective for documents and photos.

iCloud: For Mac, iOS, limited functions for Windows. 5 GB free space. Designed to automatically back up all your Apple devices wirelessly.

Amazon Cloud Drive: For Windows, all Adobe Flash enabled devices, not for iOS. 5 GB free space, then $1 per extra GB. Designed for manual upload and backing up media.

Windows Live: For Windows, Mac. 25 GB free space. Designed to store anything you want.

Dropbox: For Windows, Mac, iOS. 2 GB free space, then $2 per extra GB. Designed to store anything you want. It’s the only cloud storage that seamlessly and automatically syncs all your devices in one place.

YouSendIt: For Windows, Mac, iOS. 2 GB free space. Designed to store anything you want. Allows for sending links via email for downloading.

Each of the above cloud storage spaces fits a certain need based on the systems and devices you have. If all you need is a data dump, then Windows Live is it. If you need synchronicity across platforms, go for Dropbox. If you are all Apple, then iCloud is your service. YouSendIt is the only one that allows for emailable links to download files, which I use a lot.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

How to Use the Cloud to Reduce Expenses

Many people are looking to cut expenses. Personally, I’ve shaved at least a couple thousand dollars a month from my expenses by downsizing to one car, cutting out lots of monthly recurring fees, and looking closely at which services I can now shift to the cloud.

Software: Contact managers, office documents, media editing programs, you name it: if there is a software version, there is probably a cloud-based version, and often for free. Just search for the name of the software you use plus “free online.”

Data storage: Backing up your data is absolutely fundamental. And while you can buy a two terabyte hard drive for under $100 (and you should), you can also get free online backup all day long. But you won’t find anything free that includes more than 100 gigabytes, and most free services provide between two and 25 gigabytes. Search for “free online backup.” I need terabytes, so I pay.

Media: Are you still getting a newspaper delivered? Cutting out a newspaper can save $15 – $30 or more every month. Most newspapers offer an online equivalent for free or for a small fee. If your paper is now charging, like The Boston Globe and The New York Times, look to other dailies in your region that don’t.

Are you actually watching all that much cable television? If you break down your cable bill it’s at least $2 per day, and some people pay as much as $7 – $9 per day! Cloud-based services like Hulu and Netflix cost less than a dollar a day and offer lots more customized entertainment.

Are you paying for satellite radio? Sirius? Are you serious? That’s over $150 a year! Internet radio options such as Pandora offer free versions that keep you tuned in and entertained. They are also available on smartphones.

Telephone: Still paying for a landline? If you have a mobile, you may not need a landline. But what’s even cheaper is cloud-based Skype. You can use your smartphone or PC to call any Skype user for free, or any number in the U.S. from anywhere in the world for $3 per month! Google Voice has a great product too, but Skype is still a little friendlier.

And are you even using a fax machine anymore? I do, so I have to have something in place to send or receive faxes. Scanning documents is easy with an all-in-one scanner, printer, and fax, so many documents can be emailed. But services like UReach.com cost less than $10 per month and allow you to receive faxes through the cloud in your email.

Paper Statements: Look closely at all your bills. In the past five years, many companies have given consumers the option of going paperless, receiving statements via email, and viewing them in the cloud. They have also provided options for electronic funds transfers. Some are even charging extra to send paper statements and to process paper checks. By going all cloud-based, you could probably save a few bucks every month.

Shopping: I still drive to buy food, home hardware like nuts and bolts, and some clothes. Otherwise, electronics, appliances, shoes, and pretty much everything else can be bought online. Amazon, Zappos and many eBay sellers often provide unbeatable prices because they have much less overhead and free shipping to boot!

Saving money is fun when it’s done in the cloud. It’s smart and when it’s done right it’s more secure, too!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cloud-Based Contacts Managers: To Use or Not to Use?

The old adage, “It’s not what you know, it’s who you know,” still rings true today. Without a network of “trust agents,” influencers, or simply good contacts, it’s hard to get anything accomplished. Getting a new job, making sales, or simply finding a good accountant requires a network of people you know, like, and trust to make a recommendation so you won’t get fleeced.

So how do you manage your contacts? How do you stay in touch and up-to-date with relevant names, addresses, and phone numbers? Many people still use a notepad, others use a subscription service or software such as ACT!, and even more use Outlook. More people are using cloud-based contact managers today than ever before. Some are free, while others cost as little as $5 or up to hundreds per month.

I’ve tried them all and can tell you there are a variety of options. The goals of any contact management system are ease of use, portability, accessibility, customization, and backup. If the contact manager you choose is in the cloud, then security is also an important consideration.

Social media: Many people are now using cloud solutions such as Facebook and LinkedIn to manage contacts, which can also be made available on your smartphone, but lack customization, calendars, or note functions. Check out LinkedIn’s Profile Organizer and Gist.

Cloud-based email: Yahoo and Gmail both offer contact managers. Gmail’s is the most comprehensive and includes a section for notes. Gmail contacts can also sync with an iPhone or Android in real time, which makes them portable. If Gmail could link your calendar with your contacts, it would be a perfect contact manager.

Customer relationship managers (CRMs): These are full-blown contact managers that make contacts, calendars, and notes accessible from smartphones and computers. CRMs are generally used by businesspeople who need to manage clients.

A true CRM keeps track of emails and calls, along with calendar notifications. Some will make a phone call via Skype or a landline with the click of a button.

There are many to choose from and most cost upwards of $300 per year or much more. Check out Zoho CRM, Free CRM, SugarCRM, Microsoft Dynamics CRM, Highrise, and the most popular, Salesforce.com, which I still find cumbersome and clunky.

What do I use? I use ACT! locally, and I use Gmail’s contacts and calendar in the cloud. The hybrid works for me and is either cheap or free, with no annual fee.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cloud Home Security is Here

A burglary occurs every 15 seconds. The chance of your home being broken into is higher than you’d think. The good news is that today’s alarm systems are “not your father’s alarm.” Twenty years ago, a contractor had to spend a week tearing up your walls, ceilings, and windows to retrofit a messy, hardwired security system. These alarms were so expensive that they were mainly used by businesses, rather than in private homes.

Since then, home security systems have dropped in price. They are now mostly wireless, right down to the cellular phone signal. But what makes home alarms even more exciting is that the majority of the functions are cloud-based.

I have the “ADT Pulse,” which marries home security with automation. From almost anywhere — on the road, in your office, or even at the beach — you can access your cloud-based smart home system. Depending on the plan you select, this system can provide an unprecedented level of control with Z-Wave wireless technology, your own personal command center, compatible mobile phone, and interactive touch screen security system.

Using my iPhone or any computer, I can access a cloud-based server that allows me to watch live footage from each of the 16 cameras I have installed in and around my property. The cameras also begin recording automatically whenever motion is detected, and that footage is stored in the cloud and available to me anywhere, any time. It’s amazing how often I access these cameras when I’m on the road.

With home automation, I can use the cloud to remotely switch lights on and off and adjust the temperature control system. I also get alerts in the event of an intruder or even a broken water pipe!

Having a cloud-based, Internet-connected home security system certainly provides an excellent layer of protection, not to mention peace of mind.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

The Cloud of Clouds: Amazon Web Services

Amazon Web Services is a cloud-based service hosted by Amazon.com, which provides numerous tools for web-based businesses. The service’s primary function is to help businesses of any size compute and store data.

Solutions available to both businesses and consumers include:

  • Application Hosting
  • Backup and Storage
  • Content Delivery
  • Databases
  • E-Commerce
  • Enterprise IT
  • High Performance Computing
  • Media Hosting
  • On-Demand Workforce
  • Search Engines
  • Web Hosting
  • Media and Entertainment
  • Life Sciences

Let’s say you run a small business that is rapidly expanding. You probably already have a basic website, and perhaps a local or national company to handle your data traffic. But when your traffic is suddenly growing exponentially and you find yourself needing more bandwidth, that’s where Amazon Web Services comes in. Their cloud is ready and waiting to handle whatever your clients can throw at it.

But what really makes Amazon’s cloud stand out from the rest is that it isn’t just a “server.” The features listed above include software and other tools that allow developers to work seamlessly with Amazon’s platform. They have created a service that almost any business can plug into, right out of the box.

Security is paramount. Amazon states: “In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features.”

Google has applications and user-friendly web services that we, as employees or consumers, use on a daily basis to administer, communicate, and organize information.

Apple has their proprietary platform, and they make certain code open to developers who create games and software for iPhones and iPads.

Amazon Web Services provides cloud-based platforms and software, which makes it possible not only for businesses to function, but for developers to create exciting new technologies. That’s what makes their cloud the cloud of clouds.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cloud-Based ATMs Coming Your Way

Criminals often target cash machines, as well as various other automated kiosks that dispense DVDs, tickets, or other merchandise. They have discovered numerous techniques for compromising these devices. According to the ATM Industry Association (ATMIA), ATM fraud alone results in over a billion dollars in losses each year.

But manufacturers are fighting back.

Diebold, a security systems corporation and the largest ATM manufacturer in the US, has developed a prototype for a “virtualized ATM.” The new machines will utilize cloud technology to enhance security, mitigate fraud, and improve operational efficiency, delivering an optimal consumer experience.

Unlike traditional ATMs, these new machines will contain no onboard computer. Instead, each individual terminal will be connected to a single, central server, which will provide resources to a fleet of cloud-based ATMs.

This advancement will give banks and ATM operators greater control over multiple machines. Servicing the new ATMs will be easier and more efficient, with more updates and less downtime.

For consumers, the most noticeable differences will be better service and security. Over time, the savings in operating cost can be put toward upgrades in card technologies, near field communication, and possibly even biometrics.

The emergence of cloud technologies will speed up the adoption of many new, more convenient and streamlined offerings. The future is here, and it’s fun!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Cars in the Cloud

People love their cars. My 80-year-old mother-in-law goes nutty at the thought of not being able to drive. “Take my car and you take my freedom,” she says. I understand where she is coming from. Personally, I don’t like to drive. But I do like riding my Harley!

Many consider cars synonymous with freedom. Cars allow you to go places and have experiences that you otherwise wouldn’t. That’s why it’s so exciting that cars are now being equipped with lots of new features, including technology that can essentially meld your car with the Internet!

Ford recently unveiled the Evos, a car that learns your driving preferences and uses its Internet connection to provide traffic information and other useful details. It can tailor the suspension and driving modes based on your driving style and ability. It can also detect the driver’s heart rate. The Evos is a concept car, but Ford plans to release a similar model within the next several months.

OnStar offers “RemoteLink,” an application for your iPhone or Android, which allows Cadillac, Chevrolet, Buick, or GMC owners to view real-time data including fuel range, gallons of gas remaining, lifetime MPG, lifetime mileage, remaining oil life, tire pressure, and account information. Chevrolet Volt owners can view their car’s electric range, electric miles, MPG, and the battery’s state of charge, as well. Users can also remotely perform certain commands, such as unlocking doors, with this application.

The New York Times reports that Google “has been working in secret but in plain view on vehicles that can drive themselves, using artificial-intelligence software that can sense anything near the car and mimic the decisions made by a human driver.”

The benefit of this technology is the potential for Internet-connected vehicles to communicate through the cloud, working in tandem to prevent accidents, conserve fuel, and facilitate a more efficient flow of traffic.

Sounds like a big stretch from my heavy old 1970 Chevy Impala!

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures

Username and Passwords Are Facilitating Fraud

In 2005, the Federal Financial Institutions Examination Council stated:

“The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks.”

Here we are in 2011, six years later, and well over half a billion records have been breached. And while it is true that not all of the compromised records were held by financial institutions, or were accounts considered “high-risk transactions,” many of those breached accounts have resulted in financial fraud or account takeover.

Back in 2005, you might have had two to five accounts that required you to create a username and password in order to log in. Today, you may have 20 to 30. Personally, I have over 700.

The biggest problem today is that people most often use the same username and password combination for all 20 to 30 accounts. So if your username is name@emailaddress.com, and your password is abc123 for one website that ends up getting hacked, it will be easy enough for the bad guy to try those login credentials at other popular websites, just to see if the key fits.

The quick and simple solution is to use a different username and password combination for each account. The long-term solution is for website operators to require multifactor identification, which may include an ever-changing password generated by a text message, or a unique biometric identification.

Until that time, the three best tips to create an easy-to-remember but hard-to-guess strong password are as follows:

Strong passwords are easy to remember but hard to guess. “Iam:)2b29!” consists of ten characters and says, “I am happy to be 29!” (I wish).

Use the keyboard as a palette to create shapes. “%tgbHU8*” forms a V if you look at the placement of the keys on your keyboard. To periodically refresh this password, you can move the V across the keyboard, or try a W if you’re feeling crazy.

Have fun with known short codes or sentences or phrases. “2B-or-Not_2b?” says, “To be or not to be?”
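The reuse problem described in this post, together with the password-generator feature listed in the password manager post above, as an added example (not the author's code or any product's): it audits a constructed list of logins for passwords shared between sites and replaces each shared one with a unique random password. The site names, the character set and the 20-character length are assumptions made for the illustration.

```python
import hashlib
import hmac
import math
import secrets
import string
from collections import defaultdict

SYMBOLS = "!#$%&*+-=?@_"  # assumed symbol set; adjust to what each site accepts
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)  # 74 characters

# Constructed sample data: (site, username, password). The login and the
# passphrase are the examples quoted in the text; the sites are placeholders.
ACCOUNTS = [
    ("shop.example", "name@emailaddress.com", "abc123"),
    ("mail.example", "name@emailaddress.com", "abc123"),
    ("bank.example", "name@emailaddress.com", "abc123"),
    ("forum.example", "name@emailaddress.com", "2B-or-Not_2b?"),
]


def generate_password(length=20):
    """Draw a password from the OS CSPRNG, redrawing until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound, in bits, on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def find_reuse(accounts):
    """Return sorted groups of sites that share a password.

    Passwords are compared through an HMAC under a throwaway key, so the
    grouping table never holds plaintext or an unsalted hash.
    """
    key = secrets.token_bytes(32)
    sites_by_tag = defaultdict(list)
    for site, _username, password in accounts:
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        sites_by_tag[tag].append(site)
    return sorted(sorted(s) for s in sites_by_tag.values() if len(s) > 1)


def rotate_reused(accounts, length=20):
    """Give every account in a reuse group its own new random password."""
    reused = {site for group in find_reuse(accounts) for site in group}
    rotated = []
    for site, username, password in accounts:
        if site in reused:
            # Every site in the group rotates: a breach of any one of them
            # exposes the shared password for all the others.
            password = generate_password(length)
        rotated.append((site, username, password))
    return rotated


if __name__ == "__main__":
    print("shared passwords:", find_reuse(ACCOUNTS))
    print("still shared after rotation:", find_reuse(rotate_reused(ACCOUNTS)))
    print("entropy of a 20-character password: %.1f bits" % entropy_bits(20))
```

A password manager does the remembering, which is why the generated passwords do not need to be memorable.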

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures