Posts

Should You Worry About Contactless Credit Card NFC Skimming

If you have a contactless card, you might have worries about skimming. A contactless card or “frictionless” or “tap and go” is a card that has technology in it that allows payment over secure wireless like Apple Pay, Android Pay etc. Basically, this is where a criminal literally digitally pickpockets you by scanning things like your debit card or passport. What’s scary about this is that anyone can get an app for their phone that will allow them to skim. Is there protection for this? Maybe.

But before you freak out, you probably don’t even have a contactless card. Very few cards deployed in the USA are contactless, so that sleeve you use doesn’t protect you from anything. Now if you are overseas or even in Canada, then look at your card and if there is a WiFi looking logo on there, you have contactless.

The way that the bad guys skim this information is by using RFID, or radio-frequency identification. There are RFID signal jammers out there, but the question is this: do they work and are they necessary?

RFID Signal Blockers

If you put some time into it, you will find a number of RFID signal blockers on the market. Some of these are small and slip right into your wallet. Others are passport sized. There are also RFID signal blocker wallets on the market.

The Test

A blogger recently put these RFID signal blockers to the test…on the London Underground, one of the most crowded places in the world, especially during rush hour. He set up the test by asking one person to place a debit card in their pocket, and then another person used a mobile phone with an RFID signal scanner. The result was that the phone could scan and record the number on the debit card and the expiration date, simply by holding the phone really close to the pocket.

The blogger took the test a step further and tried to block these signals with RFID blocking technology. Even though the experiment was very unscientific, the blogger found that the blocker stopped the skimming.

Protecting Yourself

There are some things you can do to protect yourself from this. First, check your passport. It should have a chip in it. This chip is in all US passport that have been released since 2007. Now, someone can still take information from your passport using RFID skimming, but they have to actually be on the page where the photo is, and it’s pretty rare that they would have access to that.

You can also use a shielding device. They can certainly work, and some people have even found great results by using tinfoil. This will further help to protect your accounts.

Finally, even if you are using an RFID shielding device, make sure that you are checking your statements for anything suspicious. This is especially the case if you often find yourself in crowded places, like the subway.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

How to Protect You Frequent Flier Miles NOW

Social Security numbers and credit card numbers are not the only types of data that hackers are after. Now, they are looking at frequent flyer accounts, and they are stealing reward miles, and then selling them online.

How do Hackers Steal Frequent Flyer Miles?

As with other types of ID theft, hackers use info that they have illegally obtained to access frequent flyer accounts. With more data breaches happening than ever before, hundreds of millions of records are exposed, and thus, hackers have great access to the personal info they need to get into these accounts.

What do Hackers Do with Frequent Flyer Miles?

It is hard for hackers to use these miles on their own because often, the travel has to be booked in the name of the owner. However, it is very easy to transfer these miles to other accounts or to use the miles to purchase other rewards. Usually, no ID is needed for a transfer like this. This is also difficult to track because hackers use the dark web and VPNs to remain anonymous.

Hackers also sell these miles, and they catch a pretty penny. For airlines like British Airways, Virgin Atlantic, and Delta, they can get hundreds, or even thousands of dollars for their work.

In addition to transferring these miles from one account to another, hackers are also selling the account’s login information. Once someone buys this, they can now get into the owner’s account and do what they want with the miles.

Protecting Your Frequent Flyer Miles

There are some things that you can do to protect your frequent flyer miles. You should check your frequent flyer accounts regularly using your airlines mobile app. Change all your airline passwords and never re-use passwords and set up a different password for each account.

Other things that you can do include the following:

  • Protect your personal information by making sure every online account has a unique and difficult to guess password.
  • Use a dark web scan. This will show you if any personal information is out on the dark web.
  • If you do find that your miles have been stolen, it also is probable that your personal information has been compromised, too. Monitor your credit report and check it often for anything that looks odd. This is a big sign of an issue.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Second Hand and Discarded Devices Lead to Identity Theft

A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal information is gone. Some don’t even understand that the data is there. This might include passwords, usernames, company information, tax details, and even credit card data.  What’s even more frightening is that this study used simple methods to get the data off the devices. Who knows what could be found if experts, or hackers, got their hands on them. It wouldn’t be surprising to know they found a lot more.

Here are some ways to make sure your devices are totally clean before getting rid of them on the second-hand marketplace:

  • Back It Up – Before doing anything, back up your device.
  • Wipe It – Simply hitting the delete button or reformatting a hard drive isn’t’ enough. Instead, the device has to be fully wiped. For PCs, consider Active KillDisk. For Macs, there is a built in OS X Disk Utility. For phones and tablets, do a factory reset, and then a program called Blancco Mobile.
  • Destroy It – If you can’t wipe it for some reason, it’s probably not worth the risk. Instead, destroy the device. Who knows, it might be quite fun to take a sledge hammer to your old PC’s hard drive, right? If nothing else, it’s a good stress reliever!
  • Recycle It – You can also recycle your old devices, just make sure that the company is legitimate and trustworthy. The company should be part of the e-Stewards or R2, Responsible Recycling, programs. But destroy the hard drive first.

Record It – Finally, make sure to document any donation you make with a receipt. This can be used as a deduction on your taxes and might add a bit to your next tax return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

How long does Information stay on Credit Reports?

If you are concerned how long any negative information will remain on your credit report, it takes seven years from the Date of the Last Activity (DLA) before the item is deleted from your records (and seven to 10 years for bankruptcies). This is a very common question posed to credit reporting agencies.

Credit reporting agencies get your information (bad or good) from lenders and collection agencies. The reporting agencies simply compile the information that comes to them.

Consumer Statements

The credit report may contain not-so-appealing information about a dispute that you were involved in that did not see a resolution. For no fee, you can file a statement with the credit reporting agency, summarizing the situation in a brief fashion. At any rate, you can make a request for the dispute information to be removed from your record, and there is no fee or required timeline for this.

Collection Accounts

These stick around for seven years out from the first past-due date for the payment.

Judgments

From the date filed, it’s seven years.

Credit Accounts

These will stay on your record up to a decade from the DLA. If you fail to pay, it will be on your record for seven years from the first past-due date. So you’re looking at seven years for records of delinquent payments.

Inquiries

When entities like businesses get a copy of your credit file, this inquiry report stays on the record for one or two years. Another type of inquiry relates to promotional offers of credit lines; they’re gone in a year. Inquiries do not affect your credit score.

Tax Liens (Paid and Unpaid)

From the date these are paid, it’s seven years. However, unpaid ones are on the record forever.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

My EMV for a Week Challenge is DONE!

This week I worked with Gemalto, as part of Gemalto’s #ChipAwayAtFraud campaign. I was tasked with using my “chip” card when making a bunch of every day purchases like getting coffee and shopping. Gemalto, one of the world’s leaders in digital security, wanted a real-world take on the EMV card experience, which includes the security benefits EMV cards presents. You know EMV; it’s the “chip” credit card that, by now, you should have.

1CHere’s what I learned:

A significant portion of the retailers I frequented didn’t have the chip terminals in place. The ones that did afforded more security and a seamless transaction. At this point in EMVs rollout, the biggest issue, or frustration, I think, is its lack of deployment. For instance, you may have to redo a transaction when a chip card is inserted opposed to swipe and then to be told by the cashier “We don’t accept chip cards yet, please swipe”. The opposite happens too, but less frequently.

Otherwise, chip cards are a no brainer. The “learning curve” for EMV or Chip is learned in the first transaction. Once done, you’ll be able to do it every time, and there are no delays or issues with the transaction.

Overall, we are collectively more secure because of EMV/Chip technology. Over time, there will be 100% adoption of this method as magnetic striped cards are phased out along with magnetic striped “swipe” point of sale terminals. For now, and really, forever, a consumer’s first line of defense is to pay close attention to their card statements.

I always recommend signing up for your bank or card company’s mobile app and receiving alerts and notifications with each transaction. This way you’ll be able to dispute fraudulent charges in real-time, if needed.

Meanwhile, your chip cards are here to stay. Embrace the technology, as its primary purpose is security and convenience. As more and more retailers get up to speed, we will see fewer and fewer news reports of huge credit card data breaches because of EMVs full scale deployment.

How to build up or rebuild your Credit

After taking all the necessary steps to Fixing a Credit Report after being hacked, it is then tome to rebuild your credit. Bad credit is bad credit no matter how it happens. No matter how responsible you are with your money, you won’t get a loan if there’s no evidence of this. The evidence comes from having credit. You need to show lenders you can be trusted.12D

  • Every time you apply for a credit card, this puts a dent in your credit score. In other words, it can negatively affect your scores especially if there are lots of credit checks in a short period of time. So apply with a lot of discretion; do you really need that extra charge card? Or is it worth it to continually cancel accounts and open new accounts while playing the interest/points game?
  • Get a major credit card. A charge card is an opportunity to show that you will pay back, on time, money that you “borrowed.” A debit card for this purpose is meaningless because it withdraws money from your account on the spot.
  • An option is a type of credit card that requires a security deposit. Payment of your bills will not come from this security deposit. But it looks good to a potential lender, making you seem more trustworthy.
  • Charge things like gas, food and other items, and/or put a monthly bill on the card for automatic payments such as your cable bill, then pay the card on time every single time—ideally the entire balance. This will create a record of your trustworthiness.
  • Charge no more than 50 percent of the card’s limit in any given month, even if you CAN pay the whole thing off every month. Exceeding 50 percent, some say, can adversely affect your credit score.
  • A rule of thumb is to charge only what you’d be able to pay in cold cash every month. Just because your card has a $5,000 limit doesn’t mean you should rack up $4,500 worth of purchases in one billing cycle.
  • Use the card every month; don’t let it go dormant, as this is not impressive to a lender. If you’re having a tough time remembering to charge things like new shoes, food, drug store items, etc., then set it up for automatic draft of a monthly service.
  • Even ONE late payment will screw things up. Remember, charge only what you’d be able to pay for in cash each month. If you can’t, don’t charge it.
  • If YOU check your credit report any time; it won’t dent your credit score. When lots of creditors check your credit, that can affect your scores.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Should You Use Near-Field Communications?

Have you ever wondered what kind of superpower you’d have? I’ve always wanted to send messages and ideas with my mind to others. My dream can sort of come true with near-field communications (NFC).

7DYou’ve might not have heard of NFC, but if you have a smartphone, there’s a good chance you’ve used it. If you have ever used Apple Pay or bumped your Galaxy smartphone with your buddy’s to send pictures, you have used NFC. By definition, NFC allows smartphones and similar devices to establish radio communication with each other by bringing them close together, usually no more than a few inches or centimeters. It’s an exciting technology that has a lot of promise, but there are a few concerns too. Let’s take a closer look at the pros and cons of NFC.

Pros

  • Convenient. In a busy digital world, people like transactions that are quick and easy. That is one of NFC’s greatest strengths. No more digging around a wallet or purse for a debit or credit card, all you need is your phone. The technology is intuitive—bring your phone close to the reader and a simple touch and bam! Transaction completed. Think about how much time that would save at coffee shops, grocery stores, etc.
  • Versatile. NFC can be used for many situations and in many different industries. In the future, NFC technology could allow you to use your phone to unlock your car, access public transportation, or launch applications depending on where you are (bedside table, work desk, etc.).
  • Safe. If your wallet is stolen, thieves immediately have access to your information. With a smartphone, your data can be protected by a password and/or PIN. But the biggest strength is that with NFC payment, retailers no longer have access to your credit card information.

Cons

  • Security. Although NFC technology is more secure than magnetic strip credit cards, there are still security concerns. As people use this technology to purchase items or access cars, there is more incentive for hackers to break into smartphones to steal financial and personal information.
  • Usability. NFC will only succeed if merchants and companies adopt it as the way of the mobile commerce future. Although the technology is consumer-friendly, it is expensive to purchase and install related equipment. And it still may take years before there are enough smartphone users for NFC to add enough value to merchants to implement.

NFC is a new and blossoming technology with lots of potential. Whether you decide to use it or not, there are always things you can do to keep your personal and financial information safe. For tips and ideas, check out Intel Security’s Facebook page and Twitter feed.

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked!  Disclosures.

Card Company’s boosting Payment Security with Mobile

Whoever thought that one day, paying with green paper would be viewed as primitive as a horse and buggy? We seem to be getting closer to that time, especially since the security of making payments via smartphone is always being improved.

5WOne way is with fingerprint scanning. Some smartphones already have this biometric feature. But what about credit cards and biometrics? Visa is currently experimenting with biometrics, but nothing yet has been deployed to the public. Nevertheless, a credit card company trying to develop something with biometrics will likely need to get involved in the smartphone arena.

There will always be the consumers who want to stick to the old-fashioned method of using cash, just like there are always those strange people who insist on buying the kind of stamps that you must lick (or wet with tissue paper) rather than the self-stick ones. But hopefully, credit card companies will cater to both kinds of people amking the new technology stupid simple.

If the credit card companies come out with biometrics tied into the mobile device, it will likely be a fingerprint scanner vs. face or voice recognition, but the fingerprint password will be sufficient security after long term testing.

New technology is never carved in stone, but let’s at least get it out there and see how it works. Let’s see how new technology like biometrics in a mobile (like Apple pay) can combat credit card fraud.

In the meantime, card companies and consumers (and banks) must continue to wrestle with the rampant crimes involving credit cards. Recently, MasterCard teamed with Syniverse, a mobile technology company, with the goal of stifling fraudulent use of credit cards.

MasterCard’s approach relies upon the smartphone geolocator. The company’s plan enables the card to be used only if it’s within a certain range of the owner’s smartphone. Though at first, this sounds fool-proof, it has a flaw: What if the thief is within that range? Obviously, if the card is swiped a thousand miles away from the holder’s mobile device, the thief will fail. This new technology hinges upon the thief being outside that range.

A perk of this new technology is that it eliminates the hassle of the holder having to notify the company that they’re traveling so that transactions won’t be declined—because the transaction will occur near the holder’s smartphone—unless a thief makes off with the smartphone and just happens to get out of range.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Chip and PIN, will It save Us?

Many Americans, says a recent survey by Gallup, worry about a data breach connected to the use of their credit cards. Interestingly, many people use a credit card for everything under the sun: even just a soda and bag of chips from the convenience mart. The more you use a credit card, the more likely it will be compromised by cyber thieves.

1CThe magnetic stripe technology for credit cards makes them so “hackable.” One way to help prevent credit card crimes is to implement a chip-and-PIN technology. It’s been touted as a sure way to keep crime at bay. But is it what it’s cracked up to be? After all, how could the thief, holding your credit card, know your PIN?

The magnetic stripe contains account information. This can easily be copied with a thief’s tools such as a skimming device. A chip card uses a microprocessor that’s embedded. This makes the account information non-accessible to a hacker during any point of a sales transaction.

There are additional features to chip technology that tie into keeping fraud away:

  • Every time the card is used is recorded.
  • A cryptogram lets banks view the data flow.

Chip technology will be coming out in 2015 for the States, and experts are very confident that this transition will choke a lot of life out of card fraudsters. The transition will cost around $8 billion—if done correctly. And this “roll-out phase” won’t happen overnight, either.

There has been credit card fraud involving chip technology. Here’s how it happened: The crooks stole account information from magnetic stripes via skimming. The transactions were then done EMV style, then the criminals picked up traffic from an authentic EMV chip transaction. Next, the thieves put the information they’d skimmed into the transaction, and pulled off their crime.

In short, chip-and-pin technology is not without the element of human error; EMV can still be implemented poorly. As for that human error, this happened not too long ago with Canadian banks. They were struck with a big financial loss because the counter data and cryptograms were not being checked efficiently.

We can have a really great thing here—if it’s implemented in a smart way. What good is an advancement in technology if it’s carelessly employed?

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Chip and PIN vs. Chip and Signature Cards

The planet’s most powerful nation is sure backwards when it comes to the payment card industry: Why has America been using 1970s technology as of the posting date of this article? That magnetic strip on credit and debit cards has GOT to go already! And thank goodness, the transition to chip technology is more imminent than ever.

1CFor those of you out of the loop, the stripe makes it ridiculously easy for cyber thieves to commit all sorts of crimes. (Remember Target?) The chip in most cases will trip them up on this.

Chip-and-PIN technology is better than chip-and-signature. However, the chip-and-signature is taking a much stronger root in America than the PIN version. The signature version’s most obvious drawback is that it’s useless in all the other nations where PIN technology rules.

Additional Problems with Chip ‘n Signature

  • A signature can be forged.
  • The card can be intercepted prior to transaction completion.
  • Will be very costly to convert the current stripe technology to signature—but the investment will not offset the cost due to the inherent weaknesses in signature-based technology.
  • Consumers, thinking that the “chip” part of the signature version means great security, will be miffed once they realize how vulnerable signature actually is.

Benefits of Chip ‘n PIN

  • The card issuer must assign the personal identification number prior to mailing the card to the user; the user must reset the PIN at a branch. Just like a debit card. Easy.
  • Makes it really difficult for criminals to use a person’s credit or debit card in a fraudulent way. A most obvious example is that if a thief steals or finds a lost credit card…and tries to make a purchase…he’ll come to a dead end when it’s time to enter the PIN.

Drawbacks of Chip ‘n PIN

  • Will cost an arm and a leg to implement on a universal scale, and unfortunately, funds are already being diverted to switch over to the signature technology rather than the chip.

Solutions to the Signature Problem

  • To nab or prevent imposters from making that signature, certain technologies like geo-location can be implemented to determine if the customer is the real owner of the card. There’d be multiple technologies in place for verifying ownership.
  • The transaction can require voice biometrics with a smartphone: The system will approve the purchase only when the card user’s voice is identified as that of the real owner.
  • The second point here would be contingent on authenticating the smartphone.

But all that seems a little complicated an unnecessary. We really should just use the Chip and Signature. Or how about we just use Apple Pay!

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.