Posts

Credit Card Theft increasing for Banks and Retailers

2013 was the year of 740 million records involving data breaches. And that number may be erring quite on the conservative side, according to the Online Trust Alliance. The records come from a list on the Privacy Rights Clearinghouse Chronology Data Base.

The list is that of publicly disclosed breaches, including the alleged 110 million that struck the big retailer December 13. Many of the listed breaches are of a nondescript number.

The more electronically connected everything becomes, the greater the potential for data breaches—it’s almost as though all this advancement in online data storage and transmission is setting us backwards.

Cybercriminals are good at keeping pace with the progression of online security tactics, matching every leap and bound. This is why organizations must put security and data protection at the top of their priorities and be ready to handle a major breach.

Unfortunately, no one-size-fits-all defense against cyber-fraudsters exists. Nevertheless, there do exist best practices that can optimize a company’s protection against cybercrime.

Let’s take a look at some highlights of the data breaches of 2013.

  • Though that conservative 740 million records was disclosed, 89 percent of the breaches and loss of data incidents could have been thwarted.
  • 76 percent of breaches were due to stolen or weak account credentials.
  • In 2013 alone, 40 percent of the top breaches were recorded.
  • Insider mistakes or threats accounted for 31 percent of insiders.
  • Social engineering was responsible for 29 percent of breaches.
  • Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents.

The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, factors and solutions that will fire up data protection tactics and bring about a development of strategies for managing a data breach incident.

Smart businesses think proactively:

Smart businesses are investing in their client’s security. Consumers want to know they are being protected before, during and after a transaction.

Older Technologies Facilitate Credit Card Fraud

America the Superpower is also the super choice for criminals wanting to steal credit card information. Security experts warn that this problem will get worse before it improves.

That ancient technology of the magnetic strip on the back of credit and debit cards is a godsend to criminals. The easy-to-copy band stores account information using a technology the same as that of cassette tapes. U.S. credit card technology has not kept up with fraudsters. One challenge facing the industry is that it is very expensive for companies to upgrade their credit card security.

When a card is swiped, the strip allows communication between the retailer’s bank and the customer’s bank, a process that takes 1.4 seconds. That’s enough time for the network to record the cardholder’s information on computers controlled by the payment processing companies.

Hackers can snatch account data (including security codes) as it crosses the network or steal it from databases. Though the security code is required for most online purchases, thieves don’t care as long as the magnetic strips are easily reproducible and placed on fake cards—which they then use for purchases or sell the card data online. Three bucks will get you a fraudulent card with limited customer information and a low balance.

You’ll have to wait at least until the fall of 2015 for U.S. credit card companies to ditch the magnetic strips for digital chips. Retailers want more: each transaction to require a PIN rather than signature.

What can retailers do in the meantime?

  • Internet-based payment systems should be protected from hackers with strong firewalls.
  • Data should be encrypted, so that hackers see gibberish.

This may be easier said than done, because implementing these safeguards isn’t cheap. The U.S. lags behind most other nations when it comes to credit and debit cards; most countries’ cards use the digital chips that contain account information.

Every time the card is used, the chip generates a code that’s unique. This makes it a lot harder for criminals to duplicate the cards—so difficult, in fact, that usually they don’t even bother trying to replicate them. It would really be great if the U.S. could catch on to this technology.

Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

8 Tips to prevent post Holiday Credit Card Fraud

With your cards being used online, over the phone and in person, it’s easy to lose track of purchases. The key is to keep good records and be diligent about your security. Here are eight great tips that will go a super long way in preventing post-holiday account takeover in the form of credit card fraud.

#1. To ensure your best chances of escaping fraudulent activity involving your credit card (which can occur even if the card isn’t stolen), follow these tips:

  • Go over every transaction online and account for it. Inquire about unfamiliar purchases with family members who are permitted to use your card.
  • Immediately phone the card issuer if you spot a suspicious transaction.

#2. Document order confirmations. Screenshot the final confirmation page of your purchase, and save the confirmation e-mail.

#3. Personal information protection. Before you buy online, review the website’s privacy policy regarding personal information requests and how this will be used. Consider it a red flag if you can’t find this information.

#4. Online purchase security. A secure website will have an icon of a padlock, followed by https:// before the website address in the URL. There are also many toolbars that offer a green/red color code; this is usually a feature in most browsers.

#5. Phishing scams. If any e-mails come your way requesting your personal or financial information, don’t click the malicious link inside; delete immediately. Some scam e-mails try to convince you there’s a problem with your order. Contact directly the site of purchase to verify whether or not there’s an issue with your order. Do not investigate this through the e-mail message.

#6. Beware of skimming. Carefully observe employees whom you hand your credit card to for purchases. A crooked employee may scan the card to obtain your number.

#7. Always take the credit card receipt, no matter how small the purchase.

#8. If you think your identity has been stolen in regards to new account fraud then you need to step it up.

  • If you suspect fraud, contact Equifax, Experian and TransUnion to issue a fraud alert on your credit reports.
  • Pull your credit reports from these three bureaus to check for any suspicious accounts in your name. Check your credit reports again in six months.
  • Pull your credit reports for inspection (it’s free) every 12 months as a smart measure.
  • Get a credit freeze
  • Invest in identity theft protection.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.

Card Not Present Transaction Fraud can be stopped

Credit card fraud, despite measures to stomp it out, still runs rampant in America. Forty-seven percent of credit card fraud consists of card-not-present (CNP) fraud. This includes payments via snail mail, phone and Internet.

The U.S. is headed towards EMV (chip) card technology, notes Scott Zoldi in FICO’s Banking Analytics Blog. Though chip-based authentication technology may cause non-CNP fraud to decline, don’t count on this same effect for CNP fraud, adds Zoldi.

There’s light at the end of this tunnel, however. Attempts at card fraud have risen, but the average loss per compromised account dropped by 10 percent. The ratio has been the same for fraud to non-fraud spending. The volume of card fraud that has increased correlates to the volume of increase in shopping with credit cards in the first place, writes Zoldi.

How can you spot CNP fraud? Visa offers the following warning signs for this type of crime:

  • Orders consisting of several of the same product
  • Orders full of big-ticket merchandise
  • Transactions that have similar account numbers
  • Shipping that goes out to an international address
  • Transactions placed on several cards, but the shipping goes to a single address.
  • Multiple cards that are used from one IP address
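
The warning signs above can be checked mechanically over a merchant's order log. The following is an added example, not code from the original post, Visa or iovation; the order fields, thresholds and sample orders are constructed assumptions. The "similar account numbers" sign is left out because the example works on opaque card tokens rather than card numbers.

```python
import re
from collections import defaultdict

# Assumed thresholds and home market; tune them to the merchant's own history.
HOME_COUNTRY = "US"
SAME_ITEM_QTY = 3          # "several of the same product"
BIG_TICKET_TOTAL = 1000.0  # "big-ticket merchandise"
MIN_CARDS = 3              # distinct cards sharing one address or one IP

# Constructed sample orders. "card" is an opaque token, never a card number.
# Items are (sku, quantity, unit_price).
ORDERS = [
    {"id": "A1", "card": "tok_1", "ip": "198.51.100.7", "country": "US",
     "ship_to": "12 Elm St, Portland, OR", "items": [("SKU-MUG", 1, 12.50)]},
    {"id": "B1", "card": "tok_2", "ip": "203.0.113.9", "country": "US",
     "ship_to": "48 Harbor Rd., Unit 5, Miami FL",
     "items": [("SKU-PHONE", 4, 799.00)]},
    {"id": "B2", "card": "tok_3", "ip": "203.0.113.9", "country": "US",
     "ship_to": "48 harbor rd unit 5 miami fl",
     "items": [("SKU-LAPTOP", 1, 1499.00)]},
    {"id": "B3", "card": "tok_4", "ip": "203.0.113.9", "country": "US",
     "ship_to": "48 Harbor Rd, Unit 5, Miami, FL",
     "items": [("SKU-CABLE", 1, 9.99)]},
    {"id": "C1", "card": "tok_5", "ip": "192.0.2.44", "country": "DE",
     "ship_to": "1 Example Strasse, Exampletown",
     "items": [("SKU-WATCH", 1, 250.00)]},
]


def normalize_address(addr):
    """Fold case, punctuation and spacing so trivially varied addresses match."""
    return " ".join(re.sub(r"[^a-z0-9 ]", "", addr.lower()).split())


def score_orders(orders):
    """Return {order_id: [warning signs]} for a batch of orders."""
    cards_by_addr, cards_by_ip = defaultdict(set), defaultdict(set)
    for o in orders:  # first pass: build the cross-order views
        cards_by_addr[normalize_address(o["ship_to"])].add(o["card"])
        cards_by_ip[o["ip"]].add(o["card"])

    result = {}
    for o in orders:  # second pass: per-order and cross-order checks
        signs = []
        if any(qty >= SAME_ITEM_QTY for _, qty, _ in o["items"]):
            signs.append("same_product_multiples")
        if sum(qty * price for _, qty, price in o["items"]) >= BIG_TICKET_TOTAL:
            signs.append("big_ticket")
        if o["country"] != HOME_COUNTRY:
            signs.append("international_shipping")
        if len(cards_by_addr[normalize_address(o["ship_to"])]) >= MIN_CARDS:
            signs.append("many_cards_one_address")
        if len(cards_by_ip[o["ip"]]) >= MIN_CARDS:
            signs.append("many_cards_one_ip")
        result[o["id"]] = signs
    return result


if __name__ == "__main__":
    for order_id, signs in score_orders(ORDERS).items():
        print(order_id, "REVIEW" if signs else "ok", ", ".join(signs))
```

A flagged order is a candidate for manual review, not proof of fraud: a single sign such as international shipping is common among legitimate customers, while several signs on one order or one cluster carry more weight.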

Oregon-based security firm iovation can stop fraudsters and keep them out for good. Reputation Manager 360 goes beyond personally identifiable information (PII) to prevent fraud. By identifying the devices connecting to the retailer’s site and assessing their reputation, their service instantly gives businesses the full story about any card-not-present (CNP) transaction.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

The Top 6 Sources of Grey Charges

Those out-of-the-blue credit card charges that sneak up on us and require our time, attention, persistence and aggravation to squelch are called grey charges. Thanks to these insidious leaks, millions of people lose billions of dollars.

Sleazy, scheming merchants have perfected the art of the grey charge by capitalizing on the fact that we don’t pay attention to the fine print and often do not pay much attention to our statements, either. But by being aware of these scammy sales techniques, you can prevent getting caught up in a vicious circle of grey charges.

Here are the top six sources of grey charges:

#1 Unknown subscriptions. In the process of checking out during an online transaction, you might check or uncheck a box in regard to an offer or discount. Either way, a few months later you start getting all these charges for services you never wanted or ordered.

#2 Zombie subscriptions. After you recognize a grey charge for an unknown subscription, you might get the charge removed—only to find out months later it’s back from the dead and you’re being charged again.

#3 Auto-renewals. When signing up for a service that bills you monthly, quarterly or annually, a forthright retailer will let you know when your renewal date is coming and will inform you of upcoming charges. But shady companies don’t say a word and re-charge you without notification, sticking you with the bill even after you complain—all because you were “too late.”

#4 Negative-option marketing. When buying a product, you ultimately buy a suite of services you never wanted.

#5 Free to paid. When getting something “for free” and you have to cough up your credit card, there is always a catch. That catch is usually in the form of ongoing charges that are difficult to remove.

#6 Cost creep. The initial purchase price might have been $9.99 for the first three months, but then it becomes $19.99 a month thereafter. Then the merchant tacks on an annual $99.99 membership fee. Then you want to crawl through the phone and choke someone.

Stay out of trouble by keeping these tips in mind:

  • Pay attention. Nothing is free.
  • Monitor your purchases. Know what you’re getting into.
  • Check statements biweekly. Look for grey charges
  • Sign up for BillGuard to watch your statements. It’s free, easy and effective.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Grey Charges Are Upsetting—and Legal

Disclosure notices on websites, advertisements and in the terms of an agreement when making a product purchase are often complicated and confusing. Companies know this and take advantage of consumers, figuring potential purchasers don’t have the time, inclination or knowledge of the legalese that goes along with the fine print. Embedded deeply in the disclosure is the exact nature of credit card charges—and really, has anyone ever read that? My best guesstimate is that 95 percent of the population hasn’t, which is why 95 percent of unwanted credit card charges are considered “grey charges.”

Because the legalese spells it all out (and trusting consumers sign on the dotted line), grey charges are not illegal—which by default makes them legal. However you slice it, I’m sure we can all agree that grey charges are upsetting, sleazy, sneaky and deceptive. More than once I’ve yelled and screamed at a customer service representative who gave me a million reasons under the sun as to why I wasn’t entitled to a reversed charge on my credit card. Grey charges cost more than time and money; they also cost users personally through the very expensive commodity of emotional bandwidth.

Companies exercising their grey charge rights (however wrong they may seem to the rest of us) are well-known legal entities that many of us do business with every day. They make billions of dollars confusing and deceiving customers into paying, and consumers are mostly uninformed—until now.

Companies engaged in this behavior know levying grey charges is legal, but unethical. But when they are making so much money, they aren’t about to stop. Consumers are ultimately responsible for checking their credit card statements and looking for grey charges. But according to BillGuard, few credit card holders—1 in 10—rarely, if ever, look at their statements.

Don’t get taken! Here’s how to outwit the grey chargers:

  • Scrutinize your statements carefully
  • Demand refunds when grey charges occur
  • Threaten a “chargeback,” which is a transaction in which a bank pulls money back out of a merchant’s account
  • Get BillGuard to do all the worrying for you—and get back your peace of mind


The Devil is in the Details

In unwanted credit card charges, the details are the fine print—and the fine print often results in devilish “grey charges.” Grey charges are those credit card charges that appear on your statement from out of the blue, charging us small or large fees—or sometimes a single charge—monthly or annually.

The fine print can sometimes be expensive. Unwanted credit card charges happen when we think we are paying attention, or when a sleight-of-hand action by a scammy retailer hooks us.

Boldface lies. The fine print may begin with lies. A website might look professionally done, complete with a believable story based on a plausible scenario and photos representing real people with genuine-sounding comments. But in reality, it’s smoke and mirrors meant to deceive you.

Bogus trial periods. Trial periods with 30-day money-back guarantees are often rife with lies ending in grey charges. The fine print might read, “Delivery time is subtracted from your trial period”—in other words, if the package takes two weeks to get to you, you only have two weeks to try the product. But the clock starts ticking from the moment the package leaves the facility. After thinking you have 30 days from the delivery date, you decide to return the unwanted item—and you learn too late that you are out of time and out of luck.

Twice-bought scams. You buy a product in January, and when you receive it the product is damaged or of poor quality, so you immediately return it and get your money back. Then six months go by and you see the same ad. You still want the product and figure you’ll give the company a second try; perhaps they’ll have their act together by now. But when you get the product a second time, it’s just as bad as the first—and in the fine print it says, “We do not honor refunds to customers who have purchased the same product in the past.”

Free trials. Like Mom said, “There is no free lunch” and “If it’s too good to be true, it is.” This applies to free trial periods as well. Often, the upfront cost of the item is just a few dollars. You make the purchase, and the free trial begins the same day you purchased the product—not when you receive it—so the merchant weaves in the bogus trial period. Then, after the free trial period expires, you learn the actual cost of the item might be 10 to 20 times the initial charge.

Outwit the devil by paying attention to the details:

  • Pay attention to the fine print, as hard as that may be
  • Ask as many questions as you need to before laying down your credit card number
  • Use a credit card and not a debit card
  • Watch your statements closely
  • Get BillGuard to watch the grey charges for you


Avoid Unwanted Credit Card Charges

I think it’s safe to say that all credit card charges are unwanted, but today I’m talking about so-called “grey charges”—those out-of-the-blue credit card charges that sneak up on us and require our time, attention, persistence and aggravation to get rid of. A study by BillGuard shows the average dollar amount lost by grey charges is around $356.00 per consumer annually.

Studies show 1 in 4 people to be victims of grey charges, and because 9 out of 10 people don’t even check their billing statements or only skim them looking for large purchases, those grey charges end up eclipsing fraud—as much as 95 percent grey charges to only 5 percent actual fraud!

While fraud certainly is and will always be a hot-button topic that has consumers scrambling to protect their credit cards (which, in reality, can’t completely be protected; all you can do is pay attention to your statements), grey charges have been absent on consumers’ radars in part because the companies that profit from these charges don’t want you to know about them. Fraud consists of 1 percent goods and services not delivered, 1 percent unauthorized charges and 3 percent “other” fraud, which often consists of hacking or unauthorized charges that occur after you hand your card over to a clerk.

Grey charges occur because 1 percent are billing errors, 2 percent are overcharges, 2 percent are duplicate charges, 4 percent are forgotten charges, 5 percent are hidden fees, 34 percent are just totally unrecognizable charges out of nowhere and a whopping 47 percent are unwanted subscriptions such as recurring memberships, “zombie” subscriptions, unwanted auto-renewals, negative option marketing, and “free to paid” offers.

Here’s how to reduce your risk of grey charges and fraud:

  • Always reconcile your bills diligently and on a timely basis
  • Refute unauthorized charges immediately—within one to two billing cycles
  • Use a credit card instead of a debit card, as credit cards offer more consumer protection
  • Use BillGuard to watch your back and protect you from grey charges


Breach Means More Retailer Card Fraud

Over the past 5 years a scam known as electronic funds transfers at the point of sale (EFTPOS) skimming. People commonly swipe both credit and debit cards through the in-store machines to pay for goods and services and hackers have figured out how to skim customer cards.

In Australia, fast-food, convenience and specialist clothing stores are bearing the brunt of the crime. McDonald’s is among the outlets whose EFTPOS machines have been targeted for card skimming.

Officials say the problem is so bad they urged people to change credit and debit card pin numbers weekly to avoid the possibility of having their account balances wiped out, as it was likely more cases would be identified.

In the United States a similar card skimming scam was pulled off at the Stop and Shop Supermarket chain.

 

The most recent large card data breach was from Barnes & Noble. “Barnes & Noble has detected tampering with PIN pad devices used in 63 of its stores. Upon detecting evidence of tampering, which was limited to one compromised PIN pad in each of the affected stores, Barnes & Noble discontinued use of all PIN pads in its nearly 700 stores nationwide. The company also notified federal law enforcement authorities, and has been supporting a federal government investigation into the matter. Barnes & Noble has completed an internal investigation that involved the inspection and validation of every PIN pad in every store. The tampering, which affected fewer than 1% of PIN pads in Barnes & Noble stores, was a sophisticated criminal effort to steal credit card information, debit card information, and debit card PIN numbers from customers who swiped their cards through PIN pads when they made purchases. This situation involved only purchases in which a customer swiped a credit or debit card in a store using one of the compromised PIN pads.”

When the use of these stolen credit cards goes online, iovation’s ReputationManager 360 helps banks and online merchants avoid fraud losses by detecting high-risk behavior and stopping cybercriminals in their tracks. iovation’s device identification and device reputation technology assesses risk on activities taking place at various points within an online site such as account creation, logging in, updating account information, attempting a purchase, or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

Consumers must pay close attention to their statements and refute unauthorized charges within 60 days. I recommend going online at least weekly and looking closely at all your charges no matter how small they are.


International Credit Card Hackers Hammered

Retailers can temporarily rejoice (for about a minute) now that six cyber villains have been caught in two different international credit card fraud rings.

The Register reports, “After investigations that began in 2009, the police executed three search warrants in metropolitan Sydney, retrieving EFTPOS terminals, computers, cash, mobile phones, skimming devices, and several Canadian credit cards. Other seizures in the two-year investigation have included 18,000 blank and counterfeit credit cards, stolen EFTPOS terminals, and skimming devices. The men arrested are Malaysian and Sri Lankan nationals, and are accused of coordinating the fraud operation in Australia, North America and Europe.”

Meanwhile, “a Brooklyn man has pleaded guilty to aggravated identity theft for his role in an operation that defrauded credit card issuers of almost $800,000 in bogus charges. FBI and Secret Service agents recovered data for 2,341 stolen accounts on his computer and on the magnetic stripes of cards, according to court documents.”

Cooperation between U.S. law enforcement agencies and international governments can be credited in taking down these thieves. However, studies show there are plenty of other criminals involved in fraudulent acts from countries like China, Nigeria, Vietnam, Ukraine, Malaysia, Thailand, Indonesia, Saudi Arabia and South Korea to take their place.

There is an anti-fraud company in Oregon, called iovation Inc., that helps online businesses connect the devices used in fraud rings across geographies, by associating them with the accounts they access. Whether the device is a PC, smartphone, tablet or other Internet-enabled device, iovation’s device identification technology recognizes new and returning devices touching their client’s sites within multiple industries.

Cyber criminals with a history of fraud or abuse are obviously flagged by iovation’s ReputationManager 360 service, but even more interesting are the real-time checks that happen within a fraction of a second as the user is interacting with the website. This might include assessing risk for activities such as setting up an account, logging in, changing account information, or attempting to make a purchase or transfer funds. Real-time checks differ for each website integration point as businesses customize and continually fine-tune them to detect fraudulent and risky behavior so that they can identify and keep bad actors off their site for good.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses organized criminal hackers busted on Good Morning America. Disclosures