Posts

Carders cashing out on Magstrip Cards

Two thousand credit card payment terminals stand to become infected with malware called Trinity point of sales.

2CTen million credit cards were stolen by hackers, called Fin6, who may end up scoring $400 million. The cards were stolen from retail and hospitality businesses. If each card sells for $21 on secret carder shops, you can see how the hackers will rake in hundreds of millions of dollars.

As you may know, the U.S. is gradually switching over to chip cards. But it will be a while—a very long while—before magnetic strip cards are non-existent in America. Until then, these types of cards remain a favorite target for cyber thieves.

The methods that Fin6 used are technical, but suffice it to say, these hackers are pros. At this point, there has not been any way to stop this hacking group.

This is yet another example of the inherent vulnerability of the magnetic strip card, which, unlike in other industrialized nations, continues to be the main type of credit card in use in the U.S.

Protect yourself:

  • Go to “alerts/notifications” at your bank/cards website and sign up for emails/texts for every charge made.
  • Download your bank/cards mobile app and sign up for emails/texts for every charge made.
  • Check your statements frequently.
  • Federal law protects you from unauthorized charges made with your credit card number but you still have to dispute the charges.
  • In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a “zero liability” policy may kick in.
  • Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side.
  • Beyond 60 days, there’s likelihood you’ll never see your money again.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Gemaltos’ “EMV For a Week Challenge,” starts now!

As part of Gemalto’s #ChipAwayAtFraud campaign, I’m being tasked with numerous tasks, some tacky, some essential to living. Gemalto, one of the world’s leaders in digital security, wants a real-world take on the EMV card experience. Which includes the security benefits EMV cards presents. You know EMV; it’s the “chip” credit card that by now, you should have. EMV by the way stands for Euro/MasterCard/Visa. The Euro part essentially means that’s where the card was first deployed.

1CIf you don’t have a chip card by now get on the phone, call your bank and in your loudest, angriest voice scream at them and politely ask why they haven’t sent you one yet.

You, Mr. and Mr.’s credit card holder should support for the new technology in your community by explaining it to people, and encourage its use.

As a Gemalto campaigner I’m deploying two articles, one introductory (this one) and one “wrap-up” piece, detailing my experience during the challenge.

The Challenge:

Complete All Ten Tasks First and Win $400 to a Charity of Your Choice: My Charity is Boston Children’s Hospital

  1. Get coffee at a local (not chain) coffee shop
  2. Make any purchase at a big-box store
  3. Get a meal inside a fast food restaurant
  4. Buy a magazine at a gas station
  5. Get $50 worth of groceries
  6. Buy a tacky t-shirt
  7. Get someone special a bouquet of flowers
  8. Hit a tourist attraction in your town
  9. Buy office supplies for your coworker(s)
  10. Mail us a postcard from your local post office

Easy. Let the games begin!

10 Ways to protect Yourself while traveling

Some thieves specialize in hanging around tourist spots to spot the tourists and make them victims of hands-on crime such as purse snatching or a mugging. But don’t wait till you’re aimlessly wandering the piazza with your face buried in a huge map to take precautions against less violent forms of crime.
1S

  1. Before traveling, make copies of your driver’s license, medical insurance card, etc., and give these to a trusted adult. Have another set of copies in your home. Scan them and email to yourself.
  2. Never post your travel plans on social media until you return. You never know who’s reading about you.
  3. Before departing from home, make sure your credit card company and bank know of your travel plans.
  4. Clear your smartphone or other device of personal data that’s not essential for your trip.
  5. Travel on a light wallet. Take two credit cards with you in case one is lost or stolen. Have with you the phone numbers for your bank and credit card company, just in case.
  6. Avoid using Wi-Fi in coffee houses, airports and other public areas other than to just read celebrity gossip or catch the news. Use a VPN. Google it.
  7. When traveling internationally, read up on the safety of food and water and get whatever shots you may need.
  8. Never give your credit card number to the hotel staff (or at least, anyone identifying themselves as hotel staff) over the phone in your hotel room. The call could be coming from a thief posing as hotel staff telling you they need your number again.
  9. Never leave anything out in your hotel room that reveals personal information, such as a credit card receipt, passport, checkbook, medical insurance card, etc. If the room does not have a safe, then have these items on you at all times.
  10. Use only an ATM that’s inside a bank, never a free-standing one outdoors somewhere. Cover the keypad with your other hand as you enter the PIN to thwart ATM skimmers.

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

21 ways to Prepare your Credit Cards for Overseas Travel

Imagine being overseas, and in the process of using your credit card to make a purchase—and it’s declined—and you have no currency or checkbook. Nightmare.

2CThe decline could be to prevent fraudulent use; perhaps it was recently reported lost, but then found or the country you are in is known for fraud. To clear this up, you must call the card company and tell them that the purchase you want to make is legitimate.

Realize that the card issuer cannot allow more transactions until they verify that the attempted charge is valid.

Prior to travel as well as during, there are things you should do to minimize the problem of declined charges.

  1. Make sure your cell phone is set up for international use so you don’t miss a call from your card issuer.
  2. Make sure all your cards are signed.
  3. Before leaving, notify your card company that you’ll be traveling overseas; this way they can monitor your transactions.
  4. Before leaving, make sure your debit and gift cards are authorized for international use with merchants and ATMs.
  5. Bring with you the phone numbers for all of your cards. This includes non-800 numbers.
  6. Make sure you know whether or not your cards come with a foreign transaction fee.
  7. Have all the card numbers documented.
  8. Get a chip-and-pin card from your card company and bank. Chip and PIN is most prevalent outside the USA.
  9. See to it that your card won’t be overdrawn while you’re traveling. Consider any auto drafts that can inflate the balance.
  10. Have your PIN memorized.
  11. If you plan on cash advances from an ATM, makes sure to have a PIN enabled for your card.
  12. Don’t have the card company contact you by SMS text messaging if you don’t have an international data plan. Or just get a data plan. Make sure the company has a working cell phone number and e-mail address.
  13. Enable the feature, in your account settings, that yields an alert (e-mail or text) every time you pay with the card.
  14. Install your bank or credit card companies mobile app to alert you of any approval issues or potential fraud
  15. Don’t let a service person, like at a restaurant, leave your table with your card to swipe it. Go with them if needed. This may not always be possible.
  16. Always review your receipts against your card statements to make sure there are no duplicate charges.
  17. Check your accounts online when you travel to reconcile all account activity. Do this from a device you have control over opposed to a hotel or business center PC.
  18. If your billing ZIP code is required, make sure you carefully punch it into the keypad. If more than one invalid entry is made, the card can be disabled.
  19. If someone calls and tells you that your card has been suspended due to fraud, and they ask for your credit card number, address or SSN, consider this a scam. The card issuer will not likely want personal information, and instead will want you to confirm past transactions.
  20. Whenever using free public WiFi have Hotspot Shield installed on your wireless device to prevent data snooping and encrypt your wireless data.
  21. A fraud-hold on your card cannot be cleared until you contact the card company or bank to straighten things out. Make sure you know what the phone dialing patterns are for the country you plan on visiting—before you embark on the travel.

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America. Disclosures.

8 Tips to Credit Card Security

Despite the fact that tens of millions of consumers were hit by the numerous big breaches, and tens of millions more by less sensationalized breaches, you can still take the reins and yield some protection for your credit cards.2C

  1. Make online payments with single-use or prepaid cards. What a great idea!
  2. If you have multiple recurring payments for ongoing services, use only one credit card for those.
  3. For shopping, use a one-time or prepaid card. Though the single-use credit card number is linked to your real card number, it will prevent the real number from becoming exposed should the site get hacked. Discover, Citibank and Bank of America offer single-use (disposable) card numbers.
  4. A prepaid card is different, in that it’s independent of your real card number. If the prepaid card gets stolen, you can replace it without this affecting your primary credit card account.
  5. If you have a debit card…don’t shop with it. Use it only to take funds out of a bank ATM. If a crook gets ahold of your debit card…the money will instantly be stolen from your bank account. If a thief gets your credit card, however, and makes unauthorized purchases, there’s a time lapse between when the purchases are made and when the money is actually withdrawn—enough time for you to file a dispute (if you regularly monitor your statements).
  6. Though you’ll get reimbursed for fraud that occurs with a debit card, this will happen after your bank account has been sucked dry. So avoid using a debit card at gas stations, casino machines and other such places where it’s easy for a crook to tamper with the card reader.
  7. Better yet, just limit its use to the bank ATM. Think of your debit card as an ATM card. This doesn’t mean that an ATM can’t be tampered with; be on the lookout for signs of tampering such as tiny cameras to capture PINs, or something odd about the card reader.
  8. Set up email or text notifications via your bank or credit card companies website to alert you to all charges. This way, whenever a charge comes in, you’ll know about it.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

10 simple Ways Identity Thieves steal your Credit Card

There are 10 basic ways a crook can easily rob your identity by getting at your credit card or open a new credit card in your name, but there are also ways you can prevent this from occurring.

2CSimple Thievery

Leave a window open and a thief can slide through, then steal your stuff. He can even slide an arm through your car’s open window while you’re filling the tank at a gas station. To prevent this, keep house windows closed as much as sensibly possible; keep important documents locked up; keep car windows rolled up and doors locked when you’re out; and keep your wallet/purse hidden.

Employee Records

Your employer has your private information and in some cases a credit card number, which an identity thief could get access to. To prevent this crime, ask your employer how your personal information is stored. Be on the lookout for things you’d never expect.

Change of Address

An identity thief may file a change of address form in your name. He’ll get all your credit card related mail or your Social Security number. To prevent this, watch for change-of-address notices in your mailbox. If you stop receiving credit card statements, call the company.

Social Media

Your online profile may have all the information a thief needs to steal your identity. Prevent this by deleting personal information. Give answers to the security questions of financial accounts that don’t appear on your social media pages.

Mailbox Theft

A crook can easily abscond with mail (incoming and outgoing) relating to your credit cards and bank account. To prevent, get a locking mailbox and don’t delay retrieving new mail. When mailing letters, use an official Post Office mailbox or go to the post office.
Dumpster Digging

If you see someone foraging through the trash, they’re not necessarily looking for food or cans or metal. They can be searching for paper: a credit card statement, credit card offer or anything with your important numbers on it. To prevent, use a shredder, and go to electronic statements when possible.

Shoulder Snooping

The thief will peer over your shoulder to see your transaction (credit card number, password, whatever data is there). To prevent, cover your card number at a cash register and mask your PIN as you enter it in a keypad or ATM. When using your laptop for ecommerce, sit against a wall. If this isn’t possible, keep the screen at an angle that only you can view or get a 3M Privacy Filter. Google it.

Phony Call

The thief calls you, claiming to be a rep from your credit card company, asking you to confirm personal information. The thief then contacts your credit card company and poses as you…Please just HANG UP!! Call back the credit card company using the number on the back of your card to confirm any potential issues. Never give personal information over the phone if that person has called you.

Pickpocketing

These snakes slither in and out of crowds, often without being noticed, non-violent but very efficient. Prevent being their target by keeping your wallet hidden and not easily accessed.

Cloned Cards

Once all the damage is done and your card number is stolen, criminals can create exact duplicates of your card using foils and laminators burnt onto blank cards that can be purchased online.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Credit Card Fraud Security Bleak

The U.S. is no Superpower when it comes to card payments: the card hacking headquarters of the world.

2CDon’t count on credit card fraud going away too soon. After all, Americans practically sleep, eat and breathe credit card use. And it’s those doggone magnetic strips on the cards that keep getting consumers, retailers, banks and the card companies in a fix. The strips make it so easy for hackers—and they know it.

It’s high time that the U.S. switch to encrypted chips in the cards—ready to be launched soon, but security experts aren’t breathing easy yet. The squabbling among banks, card companies and retailers over who’s responsible for protecting consumers isn’t helping, either.

Recently Congress demanded that the financial and retail industry leaders come up with plans for securing customer data. And they’d better act soon or consumer trust in these cards that drive the U.S. economy will take a big dive.

“This has the potential for people to question the viability of our payment system,” points out Venky Ganesan, venture capitalist with Menlo Ventures. Cards are the bread and butter of America, responsible for about 70 billion payments last year, worth $4 trillion (Nilson Report).

Only 11 percent of merchants are sufficiently compliant with the credit card security standards, says a study from Verizon Enterprise Solutions.

The magnetic strip, as innocuous as it appears to the typical consumer, stores that consumer’s personal financial information. Most other nations ditched this “antiquated” system years ago, using instead the EMV: based on chip technology, securing payment transactions.

The payments industry, however, has named 2015 as a deadline to get the chip technology going. But all things considered, that’s still a long ways off. And retailers are whining over the many billions of dollars it will take to replace point-of-sale technology.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Credit Card Theft increasing for Banks and Retailers

2013 was the year of 740 million records involving data breaches. And that number may be erring quite on the conservative side, according to the Online Trust Alliance. The records come from a list on the Privacy Rights Clearinghouse Chronology Data Base.

2CThe list is that of publically disclosed breaches, including the alleged 110 million that struck the big retailer December 13. Many of the listed breaches are of a non-descript number.

The more electronically connected everything becomes, the greater the potential for data breaches—it’s almost as though all this advancement in online data storage and transmission is setting us backwards.

Cybercriminals are good at keeping pace with the progression of online security tactics, matching every leap and bound. This is why organizations must put security and data protection at the top of their priorities and be ready to handle a major breach.

Unfortunately, no one-size-fits-all defense against cyber-fraudsters exists. Nevertheless, there do exist best practices that can optimize a company’s protection against cybercrime.

Let’s take a look at some highlights of the data breaches of 2013.

  • Though that conservative 740 million records was disclosed, 89 percent of the breaches and loss of data incidents could have been thwarted.
  • 76 percent of breaches were due to stolen or weak account credentials.
  • In 2013 alone, 40 percent of the top breaches were recorded.
  • Insider mistakes or threats accounted for 31 percent of insiders.
  • Social engineering was responsible for 29 percent of breaches.
  • Physical loss such as forgetting where one placed a device, flash drive, etc., was responsible for 21 percent of the data loss incidents.

The 2014 Data Protection & Breach Readiness Guide can help service providers and app developers for businesses grasp the issues, factors and solutions that will fire up data protection tactics and bring about a development of strategies for managing a data breach incident.

Smart businesses think proactively:

Smart businesses are investing in their client’s security. Consumers want to know they are being protected before, during and after a transaction.

67% of Companies Fail Credit Card Security Compliance

All merchants who accept credit cards are now subject to strict Payment Card Industry standards, rules, and regulations, which require a level of security that took about five years to finally implement.

 

PCI exists to increase credit card security and, among other goals, to stave off government intervention. While significant effort has been made to improve the security of credit card data processing, adequate attention has yet to be given to the identification, authentication, and accountability of cardholders.

 

For consumers, the primary concern is account takeover. Account takeover occurs when your existing bank or credit card accounts are infiltrated and your money is siphoned out. A hacked account or stolen credit card is often to blame.

 

InformationWeek reports that according to a new Ponemon Institute survey, “50% of security professionals view PCI as a burden, and 59% don’t think it helps them improve security. Furthermore, comparing this study with the inaugural one conducted in 2009, the number of respondents who said they had sufficient resources to comply with PCI dropped from 40% to 38%. Ponemon also found that the number of organizations that had experienced a data breach in the past two years increased from 79% in 2009 to 85% in 2011.”

 

Retailers who invest in device fingerprinting and device reputation make it much easier to identify bad guys during purchases, making those stolen credit card numbers way less valuable to thieves. By instantly evaluating a device’s history for criminal activity and assessing risk on new devices within a fraction of a second, retailers can stop fraudulent transactions before the order is accepted and product shipped.

 

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses credit card fraud on NBC Boston.

7 Tips To Better Credit Card Security

Every time you use a credit card, you increase the chances of that card number being used fraudulently. Cards can be skimmed and hacked in a number of different ways.

#1 Watch your card. Whenever you hand your credit or debit card to a salesperson or waiter, watch to see where your card is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see  your card swiped through an additional reader that doesn’t coincide with the transaction the card number may have been stolen.

#2 Cover your PIN. There may be cameras or “shoulder surfers” recording your PIN at an ATM or point of sale terminal. Cover up the keypad to foil the bad guys’ plan.

#3 Change up your card number. This is inconvenient but effective. The more frequently you change your number, the more secure that number will be. Once or twice a year is good.

#4 Select online shopping websites carefully. When searching for a product or service online, do business only with those you recognize. Established e-retailers are your safest bet.

#5 Beware of phishing. Never purchase products or services by responding to an email. This generally results in your card number being phished.

#6 Use secure sites. Before entering a credit card number, always look for “https” in the address bar. The “s” in “https” means the site has an additional layer of protection that encrypts the card number.

#7 The most important tip of all is to watch your statements. This extra layer of protection requires special attention. If you check your email daily, you ought to be able to check your credit card statements daily, too, right? Once a week is sufficient, and even once every two weeks is okay. Just be sure to refute any unauthorized withdrawals or transactions within the time limit stipulated by your bank. For most credit cards, it’s 60 days, and for debit cards the limit can be 30 days or less.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses credit card fraud on NBC Boston. Disclosures