Posts

The Switch to the Chip Card – One Year Later

The October anniversary of the liability shift has passed, and anniversaries are an excellent time to look back on progress…this is no exception. The U.S. EMV migration plan was set four years ago as a way to fight card fraud and to protect both consumers and merchants.

the-shift-to-chip-infographic-11-1-2016Back in the day, we had one choice when we wanted to purchase something, and that was cold, hard cash. However, a few decades ago, people began using credit cards for everyday purchases instead of for only big ticket items, such as refrigerators. Though this was certainly convenient, it also opened the door for the bad guys to not only access your credit card information, they could use this information to make purchases and even to learn more about you and steal your identity. Over the past couple of years, once again, we in the U.S. are changing things up when it comes to how we use credit and debit cards. Our new cards, the ‘chip cards,’ as in use in most other places in the world, are making it safer than ever before to make purchases.

Love ‘em or hate ‘em, these new chip cards and terminals are working to eliminate card fraud, and they are working very well. The way we pay in the U.S. needed a huge overhaul, and this security upgrade was an attempt to make things safer. Data and research confirms that this new technology has had a great impact on reducing card fraud.

Don’t get me wrong. This transformation has not been without a few headaches for merchants and consumers but believe me…things are improving, and they will continue to improve as businesses complete their shift to the chip. How much? Mastercard fraud data indicates that there was a 54 percent decrease associated with counterfeit fraud when comparing data from April 2016 to April 2015.

We Have a Strong Start, But There is Still Work to be Done

When considering everything, the U.S. is off to a solid start, but we still have work to do. When looking at the more than 150 world markets that use chips in cards, we know that more chip transactions must be done before we can see a significant drop in fraud. To do this, we will need about 60 percent of chip terminals interacting with a minimum of 60 percent of chip cards in market. If you have one or have seen chip cards, you likely know that we have gone well beyond that 60 percent mark on cards, but only about 30 percent of store terminals are set up to accept chips.

Another thing that we need to do is continue to speed up the certification process for merchants. The faster we can get chip terminals in stores, the faster we will see these card fraud levels drop.

We also need to increase the speed of which these transactions occur. If you have used a chip terminal, you know that it feels like a slower process than the ‘swipe’ we are used to. The payments industry is hard at work to address this issue, and new technologies are being created to speed up transaction times when using these payment methods. Remember, even though the process feels a bit slower right now, you are significantly safer when using a chip card.

Ultimately, if we can have a little bit of patience with the process and endure these short-term issues, we will all greatly benefit when it comes to payment security. We are already moving in the right direction, and if we keep adding terminals and encouraging the use of chip cards, we will definitely see even more improvement when we compare with next year. Before you know it, most forms of card fraud will be all but gone thanks to the switch to the chip.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

20 Security Tips For Overseas Travelers With Credit Cards

Thinking of bringing a credit card with you on your travels? You can end up in a jam: You just treated your extended family to fine dining in France. Time to pay; your credit card is declined.

2CIf you try to make a purchase overseas, your credit card company might think it’s fraudulent, since it would appear anomalous, relative to your usual, U.S. purchases.

So before you leave for your trip:

  • Back up credit card data. It’s always important to have a backup of your card data, both online and in print. Photocopy each card and carry with you or store in your luggage. The Carbonite mobile app lets you access your backed-up data from anywhere in the world.
  • Review your auto drafts and consider these when traveling to avoid maxing out the card.
  • All your cards should be signed.
  • Get a “data plan” and make sure your credit card company’s e-mail and phone numbers actually work.
  • See if your company will issue you a chip-n-pin card, since this technology is widespread in foreign countries.
  • Memorize the PIN and make sure it’s enabled for foreign ATM withdrawals.
  • Install the credit card company’s mobile application so that you can be alerted to any suspicious issues.
  • Gift cards and debit cards should be authorized for international use.
  • Set your phone up for international use.
  • Activate the feature in your card account that alerts you every time the card is used.
  • Alert the credit card company when you’ll be overseas so they can monitor your purchases.
  • Store the company’s 800 and non-800 numbers in your phone.
  • Also make sure you have their e-mail address.
  • The card(s) numbers should be documented in hardcopy.
  • Find out if the card has a foreign transaction fee.
  • Know the to-be-visited country’s phone dialing patterns.

While on your trip:

  • Never give anybody your card for a purchase unless you can see everything they’re doing.
  • At ATMs, carefully punch in the keypad numbers; you may not get too many chances to get the PIN correct.
  • Save all receipts and inspect them. Use your computer or phone and secure Wi-Fi to monitor your account online. This can be done with Hotspot Shield, which will encrypt all transmissions.

Know that your card company will never request highly personal information such as your Social Security number. If anyone contacts you with such requests, it’s a scam.

Robert Siciliano is an expert in personal privacy, security and identity theft. Learn more about Carbonite Personal plans. See him discussing identity theft prevention. Disclosures.

Credit Card vs. Debit Card Fraud

One difference between a credit card and a debit card is that if there’s an unauthorized charge on your credit card, you just get a little sting. It’s a hassle to straighten out. But no money is taken from you.

2CBut if someone gets ahold of your debit card information, the second they use it, depending on the nature of the transaction, your bank account will be drained. And in some cases, you can kiss that money goodbye; you got scorched. More than ever, crooks are using others’ debit card data and sucking dry their bank accounts via ATMs—in an instant.

An article on blogs.wsj.com outlines the differences between a credit card and a debit card:

  • Federal law protects you from unauthorized charges made with your credit card number rather than with the actual card.
  • In the event the credit card is in a thief’s hands, you’ll be liable, but only for a maximum of $50, provided you report the problem to the credit card company. However, in many cases a “zero liability” policy may kick in.
  • Debit cards fall under a different federal law than credit cards. Regulation E, the Electronic Fund Transfer Act, says after two days, you could be liable for up to $50. After 2 days liability jumps to 500.00. Beyond 60 days, you could be liable for all unauthorized transactions. Otherwise, federal rules are on the bank’s side.
  • Beyond 60 days, there’s likelihood you’ll never see your money again.

How does the thief get one’s card information in the first place?

  • The thief places a “skimmer” in the swiping device of an ATM or other location such as a gas pump or even the swiping device at a checkout counter. The skimmer snatches card data when the card is swiped.
  • The thief returns at some point and retrieves the skimmer, then makes a fake card.
  • Thieves may capture PINs with hidden cameras focused on the ATMs keys. So when entering PINs, conceal the activity with your free hand.
  • A business employee, to whom you give your card to purchase something, may be the thief. He disappears from your sight with your card to swipe it at some unseen location. While away from you, he skims the data.
  • The thief sends out mass e-mails designed to look like they’re from the recipient’s bank, the IRS or retailers. The message lures the recipient into clicking a link inside the e-mail.
  • The link takes them to a site set up by the thief, further luring the victim into typing in their card’s information.
  • The thief calls the victim, pretending to be the IRS or some big outfit, and lures the recipient into giving out card information.

It’s obvious, then, there are many things that can go wrong. Your best solution is to pay close attention to your statements, online or via a mobile app, frequently.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Credit Card Numbers $3.00 Each

WE DO NOT SELL DUMPS.

DO NOT EMAIL OR CALL

WE DO NOT SELL DUMPS

Buying credit card numbers with high credit limits must be so much easier than going through the hassle of having good credit, applying for credit cards, getting approved, buying stuff, going to work all day/week/month/year/lifetime and making the money necessary to pay the bills. I would think that kind of lifestyle would allow someone to travel the world, eat great food, buy lots of cool art and sip Champagne all day and have a great tan.

Hackers break into the computer networks of U.S. companies almost daily.  They sell credit-card numbers, the account holders’ names and addresses, and the security code that comes with each card. And they often market though comments sections on news posts.

Below is from the comments section of a blog I wrote on credit card fraud:

Comment by hacksXXX:

contactme
ICQ : 634911XXX
Email: hacksharp@XXX
YH: hacksXXX
MSN: nickymoney@XXX

I sell fresh dumps, track, login bank, paypal acc, bank transfer, cc plastic, wu bug ccv, cvv full info and more. No test. My only pay is wu, moneygram and LR

I sell fresh
Ccv US is $ 3 per ccv (Visa)
Ccv US is $ 3 per ccv (master)
Ccv US is $ 3 per ccv (Amex + Discover)
Ccv UK is $ 6 per ccv (Visa + Master)
Ccv UK is $ 7 per ccv (Amex + swith)
Ccv Ca is $ 8 per ccv (Visa+ Master)
Ccv Ca is $ 9 per ccv (Visa Business + Visa Gold)
Ccv EU is $ 12 per ccv (Visa + Master)
Ccv EU is $ 13 per ccv (Amex + Discover)
Ccv Au is $ 13 per ccv
Ccv Italy is 17 $ per cc
seden 16$
spain 15$
france 17$
Ccv Germany is 18$ Per Ccv
Ccv DOB with US is 35 $ per ccv
Ccv DOB with UK is 39 $ per ccv
Ccv DOB + BIN with UK 45$ per ccv
Ccv US full info is 35 $ per ccv
Ccv UK full info is 45 $ per ccv
1 Uk check bins= 22.5$/1cvv
1 Sock live = 1$/1sock live > 5day
I sell dumps with pin
Track 1: Bxxxx001140057948^FAZAKERLEY/ANDREW.MR ^xxxx2013570000000000
Track 2: xxxxxx1140057948=xxxxxx13570000000001
Track 3: ;?
PIN: 57xx
YH: ema_hacking:………………..7K To 10K ========300$
– Balance In Wachovia:………….24K To 80K==========180$
– Balance In Boa………………….5K To 45K==========400$
– Balance In Credit Union:………Any Amount:=========420$
– Balance In Hallifax…………..ANY AMOUNT=========720$
– Balance In Compass………….ANY AMOUNT=========700$
– Balance In Wellsfargo……….ANY AMOUNT=========800$
– Balance In Barclays………………8K To 10K=========550$
– Balance In Abbey:…………………………82K ===========650$
– Balance in Hsbc:…………………..50K========650$ and more

Being a black hat hacker is so dark to me. It requires lots of lying, having to scheme and scam all the time. You’d have to get embossing equipment to clone the credit cards, fake IDs, anonymize your IP address and on and on.  You’d really have to constantly have to watch your back. Seems like a lot of work. Doesn’t seem like much of a fantasy life style after all.

Robert Siciliano, personal security and identity theft expert is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.

5 Ways to Protect Your Credit Card

Credit card fraud happens in a number of ways. Sometimes your bank or credit card company will notify you of fraud and other times they won’t. So it’s up to you protect yourself. Smart retailers on the other hand are already protecting consumers behind the scenes by implementing multiple layers of fraud protection.  

1. Whenever you hand over your credit card to anyone — a waiter, gas station attendant, store clerk, etc. — keep a close eye on them as long as they are in possession of the card, or at least watch the card as it is being processed. You want to see where your card is going, and how it’s being used. The idea is to make sure the card isn’t being “skimmed” with a device designed to collect card data. This is good advice when it’s possible, but since waiters typically take the card out of sight to process, it really only works in scenarios where the clerk never leaves the terminal.

2. Cover your PIN. This is absolutely necessary at any point-of-sale terminal or ATM. The public nature of these devices makes it very easy for someone to “shoulder surf” and see your PIN. A cell phone video camera over your shoulder, a video camera 50 feet away, binoculars, or even a hidden camera attached the to face of the ATM can all compromise your PIN.

3. Change your card number. With millions of card numbers hacked over the last few years, chances are yours has been compromised at some point. I have had three changes of credit cards due to proactive card issuers sending me a new card whether I liked it or not.

4. Check your credit card statements every day. This is an extra layer of protection that requires savant-like attention. You check your email every day, so checking your credit card statements every day is manageable, right? Even once a week is sufficient, and every two weeks is okay. Just be sure to confirm your bank’s cut-off date to refute unauthorized withdrawals. For most credit cards, it’s 60 days.

5. Protect your PC. Viruses on your computer will almost certainly result in account takeover. Install antivirus, anti-phishing, anti-spyware, and a firewall.

One very effective fraud detection technique smart retailers are using is to implement device identification and device reputation, which alert businesses to known fraudsters on their websites. iovation Inc. takes this service to another level by analyzing the device’s reputation to assess the potential risk of every transaction.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Who the Heck is This Credit Card Charge From?

If you travel as much as I do and use your credit card for every purchase from apples to zebras, you know it’s rare to recognize the name of a merchant listed on your credit card statement. For example, you may go to a restaurant by the name of Dave’s Bar and Grill and get a charge on your card a day later from Smith Enterprises—and you know you didn’t buy anything from a Mr. Smith.

So the way this works is, the bar was set up by Dave Smith’s parent company, Smith Enterprises, which owns a bunch of restaurants. When establishing merchant status, which is the ability to accept Visa, MasterCard and American Express, Dave filled out the parent company’s name, Smith Enterprises, in the merchant status application because the bar and grill is only a DBA (“doing business as”). This, of course, causes lots of problems.

The New York Times reports, “Every time someone initiates a dispute, the bank that issued the card must look into it. Someone has to contact the merchant and wait for a reply that may include a receipt or other documentation.

“Merchants must carve out time to respond to each dispute. They also pay one-time fees for the privilege and may end up paying higher overall fees to accept cards if disputes are too frequent. Or they just get cut off from accepting cards altogether.

“The true cost per dispute to the banks of all of this back and forth ranges from $10 to $40, according to a 2010 estimate by the consultants at First Annapolis.”

And you say, “Anyway,how is that my problem?” Because you still have a confusing statement and don’t know if your card was fraudulently charged or the merchant is making you work hard to determine what you bought. This costs you time and energy.

There are generally three things you can do to figure this out:

  • Google the name of the company that charged you. Chances are, many others have the same issue and the answer to your question is right there.
  • Call your credit card company and see if it has any inside info. If not, you may need to start a dispute.
  • Sign up for BillGuard. It’s free and has a system that allows you to see what banks and credit card companies might not. You can search the name of any mystery merchants here to find out who the heck they are.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Resolve to Dissolve Credit Card Billing Errors

Like death and taxes, credit card disputes are inevitable. The good news is, whenever there is a credit card dispute that results from a billing error, the credit card company often takes the side of the cardholder until getting a counter argument from the merchant.

The better news is that all this is laid out in the Fair Credit Billing Act that went into effect in 1975. The law applies to “open end” credit accounts, like credit cards, and revolving charge accounts, like department store accounts.

The FCBA settlement procedures apply only to disputes about “billing errors.” For example:

  • Unauthorized charges. Federal law limits your responsibility for unauthorized charges to $50;
  • charges that list the wrong date or amount;
  • charges for goods and services you didn’t accept or that weren’t delivered as agreed;
  • math errors;
  • failure to post payments and other credits, like returns;
  • failure to send bills to your current address—assuming the creditor has your change of address, in writing, at least 20 days before the billing period ends; and
  • charges for which you ask for an explanation or written proof of purchase, along with a claimed error or request for clarification.

Your Rights

Nine out of 10 times, you should be able to pick up the phone or send an email to resolve any of the billing errors above and get everything squared away. However, some merchants recognize that the longer they dodge you and the more they avoid you, the more likely you are to give up. But hey, that’s your money! To take advantage of the law’s consumer protections, you must:

  • Write to the creditor at the address given for “billing inquiries,” not the address for sending your payments, and include your name, address, account number and a description of the billing error.
  • Send your letter so that it reaches the creditor within 60 days after the first bill with the error was mailed to you. It’s a good idea to send your letter by certified mail; ask for a return receipt so you have proof of what the creditor received. Include copies (not originals) of sales slips or other documents that support your position. Keep a copy of your dispute letter until you are satisfied with the resolution.

The creditor must acknowledge your complaint, in writing, within 30 days after receiving it, unless the problem has been resolved. The creditor must resolve the dispute within two billing cycles (but not more than 90 days) after getting your letter. Now, if things don’t work out the way you planned, there are lots more option to consider here. But if things begin to become very difficult, BillGuard can help you manage your dispute – for free!

The Federal Trade Commission (FTC) enforces the FCBA for most creditors except banks. If you think a creditor has violated the FCBA, file a complaint with the FTC.

Reduce billing error disputes:

  • Always reconcile your bills diligently and on a timely basis.
  • Refute billing errors immediately—within one to two billing cycles.
  • Use a credit card instead of a debit card, as credit cards offer more consumer protection.
  • Be patient. And be nice when talking to customer support.
  • Use BillGuard to watch your back and help you resolve billing errors and unwanted charges.

Robert Siciliano is a personal security expert & advisor to BillGuard and is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Big Time Black Market For Your Credit Cards

WE DO NOT SELL DUMPS. DO NOT EMAIL OR CALL

WE DO NOT SELL DUMPS

There is an entire underground black-market out there hacking, buying and selling your information to steal your identity. The most sought after data is your credit card numbers.

“Carders” are the criminals who buy and sell “dumps,” which are large quantities of credit card and bank account details. Carders and other criminal hackers are also interested in so-called “fullz,” which include first and last names, email addresses and passwords, billing addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, bank account numbers and routing numbers, and even information like the names of victims’ employers and the number of years victims have been at their current jobs. These details help criminals commit new account fraud or account takeover fraud.

Krebs on Security recently reported on Superget.info, a public-facing website that openly sells this data to registered members. The website proclaims, “Our Databases are updated EVERY DAY. About 99% nearly 100% US people could be found, more than any sites on the internet now.”

Prices for bits and pieces of your identity go for as little as 9 cents, and it looks as though Social Security numbers are available for as low as $3 each.

Most of this stolen data results in new account fraud. Fraudulent credit card applications are the most lucrative form of new account fraud. Identity thieves love credit cards because they are the easiest accounts to open, and they allow thieves to quickly turn data into cash. Meanwhile, consumers don’t find out that credit cards have been opened in their names until they are denied credit or bill collectors start calling.

Robert Siciliano personal and home security specialist to Home Security Source discussingcredit and debit card fraud on CNBC.

Banks and Credit Card Issuers Move Toward Chip and PIN

EMV, which stands for Europay, MasterCard, and Visa, refers to the chip and PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point of sale terminals.

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Visa recently announced plans to expand their Technology Innovation Program to the U.S., which will encourage retailers to support cards with microchips by “[eliminating] the requirement for eligible merchants to annually validate their compliance with the PCI Data Security Standard for any year in which at least 75% of the merchant’s Visa transactions originate from chip-enabled terminals.” This will go into effect October 1, 2012 for merchants whose point-of-sale terminals accept both contact and contactless chips.

Meanwhile, Citi has announced the launch of its own Citi Corporate Chip and PIN card, which is designed for U.S. cardholders who travel abroad. Bank of America has made a similar announcement of its expanded credit card technology aimed at international travelers. And Wells Fargo is already testing EMV cards in the United States, with its Visa Smart Card, which includes the traditional magnetic stripe as well as a microprocessor chip, in order to make the cards flexible and useable around the world. Wells Fargo’s pilot program includes 15,000 customers who travel regularly.

With all these major players making significant strides to embrace EMV chip technology, it’s only a matter of time before full adoption becomes inevitable.

Consumers would be smart to take advantage of any pilot program available to them. EMV chip and PIN technology is more secure, and it also works better internationally than the old-school magnetic stripe.

For more information on the benefits of EMV chip technology and to show your support, visit www.GetFluentC.com, from JustAskGemalto, to let your voice be heard and share your stories.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures