Posts

Should You Worry About Contactless Credit Card NFC Skimming

If you have a contactless card, you might have worries about skimming. A contactless card or “frictionless” or “tap and go” is a card that has technology in it that allows payment over secure wireless like Apple Pay, Android Pay etc. Basically, this is where a criminal literally digitally pickpockets you by scanning things like your debit card or passport. What’s scary about this is that anyone can get an app for their phone that will allow them to skim. Is there protection for this? Maybe.

But before you freak out, you probably don’t even have a contactless card. Very few cards deployed in the USA are contactless, so that sleeve you use doesn’t protect you from anything. Now if you are overseas or even in Canada, then look at your card and if there is a WiFi looking logo on there, you have contactless.

The way that the bad guys skim this information is by using RFID, or radio-frequency identification. There are RFID signal jammers out there, but the question is this: do they work and are they necessary?

RFID Signal Blockers

If you put some time into it, you will find a number of RFID signal blockers on the market. Some of these are small and slip right into your wallet. Others are passport sized. There are also RFID signal blocker wallets on the market.

The Test

A blogger recently put these RFID signal blockers to the test…on the London Underground, one of the most crowded places in the world, especially during rush hour. He set up the test by asking one person to place a debit card in their pocket, and then another person used a mobile phone with an RFID signal scanner. The result was that the phone could scan and record the number on the debit card and the expiration date, simply by holding the phone really close to the pocket.

The blogger took the test a step further and tried to block these signals with RFID blocking technology. Even though the experiment was very unscientific, the blogger found that the blocker stopped the skimming.

Protecting Yourself

There are some things you can do to protect yourself from this. First, check your passport. It should have a chip in it. This chip is in all US passport that have been released since 2007. Now, someone can still take information from your passport using RFID skimming, but they have to actually be on the page where the photo is, and it’s pretty rare that they would have access to that.

You can also use a shielding device. They can certainly work, and some people have even found great results by using tinfoil. This will further help to protect your accounts.

Finally, even if you are using an RFID shielding device, make sure that you are checking your statements for anything suspicious. This is especially the case if you often find yourself in crowded places, like the subway.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

Prepaid Cards risk of Fraud

Somewhere out there is a dictionary that when you look up the term wire money, the definition says scam! Even though legitimate money-transfer businesses exist like Western Union, a request to wire money for that new car or vacation package is most probably a rip-off.

2CAnd the crooks behind these rackets are figuring out ways to overcome the increased awareness of consumers to the money-wiring scams. They’ve come up with yet another way to steal your money. Thieves are requesting reloadable prepaid cards.

Would you hand a well-fed-looking masked man on the street your wallet? (Let’s pretend for a moment he’s not pointing a gun at you and is simply asking for your money). Of course you wouldn’t give it to him.

But this is what people essentially do when wiring money or sending in the prepaid cards.

Here’s how it works: The thief makes a request to load your cash onto your card (to pay for whatever), and then send over the card number and PIN. This way, the crook can put your money onto their own cards. They then can go to an ATM and take out cash or spend your money at a store. Meanwhile you never receive the item you thought you were purchasing, like that adorable pedigree puppy you saw online.

But the scams don’t stop at buying puppies, vacation packages, cars or other common items. They can also come in the form of a notice that you won a prize, and that you need to send in a prepaid card to pay a processing fee. Sometimes the scam comes in the form of a utility company payment or even government payment.

Bottom line: Don’t send anyone prepaid cards!

In that same dictionary after the term prepaid cards is scam!

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.

Skimming Big Business targeting Big Business

Skimming means more than just cutting fat off steak; it’s also when a thief obtains data from that magnetic strip on the back of your credit card (or debit or ATM card).

2CThe thief records and copies this data with a counterfeit card reader onto a blank card’s strip, and then makes purchases or cash withdrawals with this fraudulent card—in the account holder’s name.

Skimming takes place at ATMs, taxis, gas stations, restaurants, retail stores—any place where an employee will swipe your card to make your purchase. A credit/debit/ATM card reader can be fitted with a skimmer by the thief. Or, the thief can skim your card using a handheld skimming device.

Next time you hand your card to a clerk, watch it very carefully. At one gas station, two attendants skimmed dozens of customers’ cards with a square-shaped device the size of a dime, then sold the stolen information.

There are several ways to skim this cat:

  • An employee skims a card, then sells the stolen data, usually online on illegal “carding sites.”
  • The skimming or scanning device can be tiny, hidden in the hand.
  • Other skimming devices are superimposed on an ATM’s “mouth” to collect information when customers insert their cards. Thieves can then transfer the data via Bluetooth.
  • Sometimes a scanning-overlay is placed on the keyboard to capture PINs.
  • A less sophisticated approach is to record via tiny camera the customer entering the PIN.
  • Thieves with only half a brain know to wear concealing attire when they collect these devices. They do it quickly since they know that banks can catch on quickly.
  • These devices are also placed inside gas station pumps.
  • Some of these crimes are perpetrated by organized groups, and the gas station ones usually come from Europe.

Make It harder for Thieves

Always use the same ATMs so that you might detect a subtle difference one day.

Use indoor ATMs.

Keep your eyes on your card after giving it to an employee, though this isn’t always possible when the employee disappears into an employee-only area.

Cover the PIN pad with your other hand when entering your PIN.

Finally, routinely check your credit card and bank statements for any unauthorized charges.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.

Black Friday Launches Holiday Fraud Horrors

The Christmas shopping season traditionally kicks off on Black Friday, the day after Thanksgiving. This also begins a time when criminals swarm the shopping malls as well as the Internet, seeking to take advantage of holiday opportunities.

When shopping in stores, keep the following in mind:

Employees: Seasonal employees are more likely to steal, from their employer and from the customers. It has been said that only 10% of employees are honest, 10% of employees will always steal and 80% will steal based on circumstances. So always count your change.

Credit Card Skimming: When a salesperson or waiter takes your credit card, they can run it through a card reader device that will copy the information stored on the magnetic strip. So when you hand over your card, watch closely to see where it is taken and what is done with it. It’s normal for the card to be swiped through a point of sale terminal or keyboard card reader. But if you happen to see your card being swiped through an additional reader that doesn’t coincide with the transaction, your card number may have been stolen.

Debit Card Skimming: Without the associate PIN, a skimmed debit card number is difficult to turn into cash. With the help of a hidden camera or a “shoulder surfer,” though, your PIN could be recorded at an ATM or point of sale terminal. Cover the keypad while you’re entering your PIN.

Pickpockets: Pickpockets slink through society, undetected and undeterred. They are subtle and brazen at the same time. They are like bed bugs, crawling on you and injecting numbing venom that prevents you from detecting their bite until it’s much too late.

Be aware of your surroundings, especially in crowded places. Pickpockets use distractions like bumps, commotions, and aggressive people. Sometimes a person will fall down, drop something, or appear to be ill.

Consider subscribing to McAfee Identity Protection, a service that offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. For additional tips, please visit www.counteridentitytheft.com.

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss Black Friday on The Morning Show with Mike and Juliet. (Disclosures)