Posts

Should You Worry About Contactless Credit Card NFC Skimming

If you have a contactless card, you might have worries about skimming. A contactless card or “frictionless” or “tap and go” is a card that has technology in it that allows payment over secure wireless like Apple Pay, Android Pay etc. Basically, this is where a criminal literally digitally pickpockets you by scanning things like your debit card or passport. What’s scary about this is that anyone can get an app for their phone that will allow them to skim. Is there protection for this? Maybe.

But before you freak out, you probably don’t even have a contactless card. Very few cards deployed in the USA are contactless, so that sleeve you use doesn’t protect you from anything. Now if you are overseas or even in Canada, then look at your card and if there is a WiFi looking logo on there, you have contactless.

The way that the bad guys skim this information is by using RFID, or radio-frequency identification. There are RFID signal jammers out there, but the question is this: do they work and are they necessary?

RFID Signal Blockers

If you put some time into it, you will find a number of RFID signal blockers on the market. Some of these are small and slip right into your wallet. Others are passport sized. There are also RFID signal blocker wallets on the market.

The Test

A blogger recently put these RFID signal blockers to the test…on the London Underground, one of the most crowded places in the world, especially during rush hour. He set up the test by asking one person to place a debit card in their pocket, and then another person used a mobile phone with an RFID signal scanner. The result was that the phone could scan and record the number on the debit card and the expiration date, simply by holding the phone really close to the pocket.

The blogger took the test a step further and tried to block these signals with RFID blocking technology. Even though the experiment was very unscientific, the blogger found that the blocker stopped the skimming.

Protecting Yourself

There are some things you can do to protect yourself from this. First, check your passport. It should have a chip in it. This chip is in all US passport that have been released since 2007. Now, someone can still take information from your passport using RFID skimming, but they have to actually be on the page where the photo is, and it’s pretty rare that they would have access to that.

You can also use a shielding device. They can certainly work, and some people have even found great results by using tinfoil. This will further help to protect your accounts.

Finally, even if you are using an RFID shielding device, make sure that you are checking your statements for anything suspicious. This is especially the case if you often find yourself in crowded places, like the subway.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

A “Credit Profile Number” is a fake SSN, and it Works

Cyber criminals are constantly trying to stay one step ahead of the good guys, and there is now another scam out there that you should know about: synthetic identity theft. Basically, the criminals take information from someone, and then make up the rest. They also often use fake Social Security numbers, called CPNs, or “credit profile numbers,” or names.

This type of identity theft shows us that our credit system is more vulnerable than we might think. Basically, it is easy to create a credit file on these identities, and once they have that, they can get a credit card or loan.

Of course, using a CPN like this on an application for credit card or loan is illegal, but lenders currently don’t have a conclusive way of distinguishing a real Social Security number from one of these fake ones. The Social Security Administration generates SSNs randomly. This makes it difficult for a lender to notice a fake one. Technically, a lender can contact the SSA and cross-check, but most of them don’t. Why? Because the SSA requires a handwritten signature from the person who has that SSN, and this is a pain in the neck for lenders.

So, of course, the best thing to do is to create a way for lenders to instantly check to see if a Social Security number is valid or not, and as of now, they do not have the capacity to do this. Lenders do, however, use their own fraud-detection tools, but these requests for credit still fall through the cracks.

This practice also has created more open windows for fraudsters, because they know that the system is vulnerable. It’s true that many lenders won’t accept a credit application from someone with no history of borrowing, which is the case with a CPN, but some still do, and the more activity the file sees, the more likely it is that credit will be given. Once credit is approved, a full credit report is created. Though it likely won’t be a high amount of credit, many lenders take a chance on new borrowers, and at a minimum, extend a couple of hundred dollars. Some people will even get a card that has, say a $300 limit, and use the card for a time. Once they establish a good payment history, they can get a credit increase, and that’s where the fun really begins.

This is just one more scam that you should be aware of, and one more reason to keep your private and personal information safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Never put these Docs in your Wallet

Yes, believe it or not, you CAN get by in life with a wallet that just has a little cash, a store card or two, one to two credit cards and your ID.  Unless you absolutely need your insurance card or Social Security card, leave those items at home.

1DFor years now, wallets have been on the market that you can stuff everything into, save for the kitchen sink. This doesn’t mean you must carry a ridiculous bulging wallet everywhere you go.

Now you may not mind having to dig through your wallet for five minutes to retrieve things because there’s so much stuff in there, but do you know who actually would enjoy this?

A crook who specializes in identity theft. With just your Social Security card (come on already, just memorize the number), a crook could open up credit lines in your name and make your life a nightmare.

Now you may think it doesn’t matter because your wallet will never be lost or stolen. Everyone must lose their wallet at some point in their lives? But what if you’re in an accident? What if you’re jumped on the street? What if someone brazenly approaches you, grabs the wallet out of your hands and runs?

If my wallet is lost or stolen I won’t care because there’s nothing in my wallet that the thief could easily use to steal my identity, nor is there anything I couldn’t easily name or easily replace.

Keep the following items out of your wallet:

  • Anything with your Social Security number; again, just memorize it already.
  • Home address
  • Keys
  • PINs and passwords (if you need an assortment of these to function while away from home, use an encrypted app—assuming you have a smartphone).
  • Checks
  • Credit cards you won’t be using on any given day you’re out in the community (though one emergency credit card at all times is a smart move).
  • Birth certificate
  • Credit card receipts
  • Medical cards unless you are going to the doctor
  • Store cards unless you are going to that store

Make photo copies of all docs in your wallet and upload them to your secure email account. Consider an app like “Key Ring” and enter the cards into your mobile device. Put ALL your loyalty cards there and copies of most cards you might need in a pinch.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

Gemaltos’ “EMV For a Week Challenge,” starts now!

As part of Gemalto’s #ChipAwayAtFraud campaign, I’m being tasked with numerous tasks, some tacky, some essential to living. Gemalto, one of the world’s leaders in digital security, wants a real-world take on the EMV card experience. Which includes the security benefits EMV cards presents. You know EMV; it’s the “chip” credit card that by now, you should have. EMV by the way stands for Euro/MasterCard/Visa. The Euro part essentially means that’s where the card was first deployed.

1CIf you don’t have a chip card by now get on the phone, call your bank and in your loudest, angriest voice scream at them and politely ask why they haven’t sent you one yet.

You, Mr. and Mr.’s credit card holder should support for the new technology in your community by explaining it to people, and encourage its use.

As a Gemalto campaigner I’m deploying two articles, one introductory (this one) and one “wrap-up” piece, detailing my experience during the challenge.

The Challenge:

Complete All Ten Tasks First and Win $400 to a Charity of Your Choice: My Charity is Boston Children’s Hospital

  1. Get coffee at a local (not chain) coffee shop
  2. Make any purchase at a big-box store
  3. Get a meal inside a fast food restaurant
  4. Buy a magazine at a gas station
  5. Get $50 worth of groceries
  6. Buy a tacky t-shirt
  7. Get someone special a bouquet of flowers
  8. Hit a tourist attraction in your town
  9. Buy office supplies for your coworker(s)
  10. Mail us a postcard from your local post office

Easy. Let the games begin!

How to Remove Fraudulent Lines of Credit

You just learned you have a new credit card account by checking your credit or because a bill collector called you. Problem is that you don’t remember ever applying for it. You must find out what’s behind this new account and how it got there.

  • Call the corresponding phone number listed with the account seen on your credit report.
  • Begin the process for disputing the entire account.
  • Get the name (and employee ID number) of every person you speak to and a transaction or reference number for every phone call.
  • Speak to the fraud specialist for the issuer of this new account.
  • Maybe you did apply for it. If you didn’t, find out if there are any charges on it.
  • If the issue isn’t cleared up with one phone call, see what your options are to put a freeze on the account while things are being checked into.
  • Get your free credit reports from TransUnion, Equifax and Experian to see how this new account appears.
  • If you’re still in a quandary over this, put a fraud alert and security freeze on all three reports.

Taking Matters Further

  • If it’s fraud, file an ID theft complaint with the Federal Trade Commission. You’ll get an identity theft affidavit online; immediately print it because it can be viewed only once through the FTC’s system.
  • Next, bring the ID affidavit form to the police, plus other documents relevant to your case, and file a report. Don’t assume your problem is too trivial.

What if the credit card issuer is not helpful?

  • Send a certified letter requesting they freeze or even close the account.
  • Include with that letter a copy (not the originals) of the FTC affidavit and police report.
  • The letter should request written proof of the authorization for opening this account.
  • Another request: written statement absolving you from any responsibility towards charges on this mysterious account.
  • Did you know that the creditor has 30 days or less to send you a written summary of its investigation?

If you’ve been assured that the account will be removed, don’t just take their word; follow up to make sure this was done.

You should not be responsible for any debts incurred by this fraudulent account. Any negative notes on your credit report, related to this account, should be wiped clean.

What if after all that, the account still remains open and you feel the case was not handled properly? File a complaint with the Consumer Financial Protection Bureau. Hopefully you won’t have to hire an attorney, though that’s also a next step.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

20 Security Tips For Overseas Travelers With Credit Cards

Thinking of bringing a credit card with you on your travels? You can end up in a jam: You just treated your extended family to fine dining in France. Time to pay; your credit card is declined.

2CIf you try to make a purchase overseas, your credit card company might think it’s fraudulent, since it would appear anomalous, relative to your usual, U.S. purchases.

So before you leave for your trip:

  • Back up credit card data. It’s always important to have a backup of your card data, both online and in print. Photocopy each card and carry with you or store in your luggage. The Carbonite mobile app lets you access your backed-up data from anywhere in the world.
  • Review your auto drafts and consider these when traveling to avoid maxing out the card.
  • All your cards should be signed.
  • Get a “data plan” and make sure your credit card company’s e-mail and phone numbers actually work.
  • See if your company will issue you a chip-n-pin card, since this technology is widespread in foreign countries.
  • Memorize the PIN and make sure it’s enabled for foreign ATM withdrawals.
  • Install the credit card company’s mobile application so that you can be alerted to any suspicious issues.
  • Gift cards and debit cards should be authorized for international use.
  • Set your phone up for international use.
  • Activate the feature in your card account that alerts you every time the card is used.
  • Alert the credit card company when you’ll be overseas so they can monitor your purchases.
  • Store the company’s 800 and non-800 numbers in your phone.
  • Also make sure you have their e-mail address.
  • The card(s) numbers should be documented in hardcopy.
  • Find out if the card has a foreign transaction fee.
  • Know the to-be-visited country’s phone dialing patterns.

While on your trip:

  • Never give anybody your card for a purchase unless you can see everything they’re doing.
  • At ATMs, carefully punch in the keypad numbers; you may not get too many chances to get the PIN correct.
  • Save all receipts and inspect them. Use your computer or phone and secure Wi-Fi to monitor your account online. This can be done with Hotspot Shield, which will encrypt all transmissions.

Know that your card company will never request highly personal information such as your Social Security number. If anyone contacts you with such requests, it’s a scam.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Credit Card Fraud isn’t the same as Identity Theft

Just as important as taking down the decorations, throwing out all the debris from opened gifts and getting the house back in order after the holiday activities, is that of scrutinizing your credit card statements.

2CWhy? To make sure that all the purchases on there were made by you and only you. The holiday season means more credit card use = more identity theft. In this case, it’s “account takeover.”

The crook gets your credit (or debit) card information in one of several ways: digging through trash to get credit card information; tampering with ATMs; hacking; and perhaps the thief is the person you gave the card to to pay for your restaurant meal.

Yet another way the thief could get you is to obtain a new credit card line—using your name, address and Social Security number. He maxes out his new card and doesn’t pay the bill. One day you get a call from a collection agency, along with knowledge that your credit has been ruined. This is called “new account fraud”

Account takeover can be discovered via unauthorized charges on your statements, or the thief’s spending habits may alert the company (via its anomaly detection software) to something suspicious, such as a lot of spending halfway across the globe one hour after you purchased something in your home town.

You have 60 days to report suspicious activity to save yourself from paying the unpaid bills. The zero liability policy protects you. The most you’ll pay out is $50. But if you delay reporting the fraudulent activity, you’re screwed.

Thus, you must make time to just sit down and look over every charge on your statements, even if this means that the only time you have to do it is when you’re on the toilet. But you DO have time. You have time to read someone’s drivel on Facebook or something about Duchess Kate’s hair…you certainly have time to read your card statements every month.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention.

Card Company’s boosting Payment Security with Mobile

Whoever thought that one day, paying with green paper would be viewed as primitive as a horse and buggy? We seem to be getting closer to that time, especially since the security of making payments via smartphone is always being improved.

5WOne way is with fingerprint scanning. Some smartphones already have this biometric feature. But what about credit cards and biometrics? Visa is currently experimenting with biometrics, but nothing yet has been deployed to the public. Nevertheless, a credit card company trying to develop something with biometrics will likely need to get involved in the smartphone arena.

There will always be the consumers who want to stick to the old-fashioned method of using cash, just like there are always those strange people who insist on buying the kind of stamps that you must lick (or wet with tissue paper) rather than the self-stick ones. But hopefully, credit card companies will cater to both kinds of people amking the new technology stupid simple.

If the credit card companies come out with biometrics tied into the mobile device, it will likely be a fingerprint scanner vs. face or voice recognition, but the fingerprint password will be sufficient security after long term testing.

New technology is never carved in stone, but let’s at least get it out there and see how it works. Let’s see how new technology like biometrics in a mobile (like Apple pay) can combat credit card fraud.

In the meantime, card companies and consumers (and banks) must continue to wrestle with the rampant crimes involving credit cards. Recently, MasterCard teamed with Syniverse, a mobile technology company, with the goal of stifling fraudulent use of credit cards.

MasterCard’s approach relies upon the smartphone geolocator. The company’s plan enables the card to be used only if it’s within a certain range of the owner’s smartphone. Though at first, this sounds fool-proof, it has a flaw: What if the thief is within that range? Obviously, if the card is swiped a thousand miles away from the holder’s mobile device, the thief will fail. This new technology hinges upon the thief being outside that range.

A perk of this new technology is that it eliminates the hassle of the holder having to notify the company that they’re traveling so that transactions won’t be declined—because the transaction will occur near the holder’s smartphone—unless a thief makes off with the smartphone and just happens to get out of range.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

The Credit Card Fraud Mob Boss

There once was a guy named Albert Gonzalez who dressed like a woman—but not because he got off on this, but because he wanted to conceal his actual appearance while he used a ream of phony cards to steal money from an ATM in 2003. A cop noticed the activity and didn’t quite buy the disguise.

2CThe police officer nabbed the thin, disheveled Gonzalez, and it turned out he possessed a computer at his New Jersey home loaded with stolen card data. He was also a moderator for Shadowcrew.com, a site for cybercriminals on how to hone their skills.

Gonzalez wasn’t arrested, but instead, the 22-year-old, who was unfortunately a drug addict at the time, was so smart at his craft that he was hired by the Secret Service. They even paid his living expenses. Over time he got off drugs and looked healthier and became clean shaven.

With his help, the Secret Service caught over a dozen Shadowcrew members. Gonzalez then moved to his hometown of Miami, at the urging of his superiors, in the name of evading revengeful Shadowcrew members who might suspect him of being the leak to the government.

Gonzalez became a paid informant for the Secret Service in 2006. He spoke at conferences and seminars and was seemingly living the life.

But while he aided the Secret Service, he led a criminal team that cracked into 180 million payment-card accounts of major corporate databases, among them being Target, JCPenney, OfficeMax and TJ Maxx.

“The sheer extent of the human victimization caused by Gonzalez and his organization is unparalleled,” his chief prosecutor said. What a shame: A genius who used his talents to live a life of crime.

Gonzalez was sentenced to two consecutive 20-year terms, the longest for any U.S. cybercriminal.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

8 Tips to Credit Card Security

Despite the fact that tens of millions of consumers were hit by the numerous big breaches, and tens of millions more by less sensationalized breaches, you can still take the reins and yield some protection for your credit cards.2C

  1. Make online payments with single-use or prepaid cards. What a great idea!
  2. If you have multiple recurring payments for ongoing services, use only one credit card for those.
  3. For shopping, use a one-time or prepaid card. Though the single-use credit card number is linked to your real card number, it will prevent the real number from becoming exposed should the site get hacked. Discover, Citibank and Bank of America offer single-use (disposable) card numbers.
  4. A prepaid card is different, in that it’s independent of your real card number. If the prepaid card gets stolen, you can replace it without this affecting your primary credit card account.
  5. If you have a debit card…don’t shop with it. Use it only to take funds out of a bank ATM. If a crook gets ahold of your debit card…the money will instantly be stolen from your bank account. If a thief gets your credit card, however, and makes unauthorized purchases, there’s a time lapse between when the purchases are made and when the money is actually withdrawn—enough time for you to file a dispute (if you regularly monitor your statements).
  6. Though you’ll get reimbursed for fraud that occurs with a debit card, this will happen after your bank account has been sucked dry. So avoid using a debit card at gas stations, casino machines and other such places where it’s easy for a crook to tamper with the card reader.
  7. Better yet, just limit its use to the bank ATM. Think of your debit card as an ATM card. This doesn’t mean that an ATM can’t be tampered with; be on the lookout for signs of tampering such as tiny cameras to capture PINs, or something odd about the card reader.
  8. Set up email or text notifications via your bank or credit card companies website to alert you to all charges. This way, whenever a charge comes in, you’ll know about it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.