Tag Archives: credit card fraud

Stop Getting Hacked: 4 Steps to Obtaining and Using a Free EMV Credit Card

Image By: tales of a wandering youkai

Most Americans can successfully play the “six degrees of separation” game when it comes to knowing someone whose credit card was hacked in the last couple of years. In fact, stolen Target cards in 2013 alone accounted for $53.7 million in income for hackers. Although many folks remember the Target breach, few people remember that 20 other major data breaches occurred in 2014. The reason, is at least in part, is due to the lackluster security technology in our existing credit cards.

The traditional magnetic stripe cards require only a signature for security purposes, and any security system built around low paid retail employees checking signature verification is destined to fail. Who hasn’t sent a friend or relative off with a credit card to buy gas or to purchase groceries where no one questioned the difference in signature on the back of the card and the signature on the terminal or receipt?

Thankfully, there is a more secure form of credit card. Chip Cards, known as EMV or “smart cards”, add another layer of fraud protection through an embedded microchip that turns card member information into unique codes that is difficult to replicate. Plus, if your card is stolen, thieves cannot use EMV data to create usable counterfeit payment cards.

EMV enabled cards, have been around for about ten years in about 80 countries worldwide, but are only recently being adopted by the US, due to legislation that forces merchants to accept them by October 1, 2015. Currently, about 10-15 million chip credit cards already have been issued to U.S. consumers. Additionally, about one million out of more than 10 million POS (Point of Sale) terminals have already made the transition, and as merchants renew with their existing provider or pick a new credit card processor, they are adding the capability.

What Can You Do Now?
1. Find Out If Your Card Is Available in EMV Format: Check out this page at EMV Connection, which shows an up-to-date list of EMV issuers and the availability of EMV cards in the U.S. You can use this list to know what to ask for when you call your credit card company for a replacement card. Or, you can learn more about the card you may already have in hand. In fact, if you received a new credit card from your issuer sometime in the past year, you may already have experienced the technology without realizing it.
2. Request a Free EMV Enabled Card: Will you need to pay for these chip cards? Not if you already own a credit card. All you need to do is call your card issuer or go online to that issuer’s website and request an EMV card. Although banks have been rolling EMV cards out as renewal card replacements, you may need to ask your issuer specifically for that EMV card if you are traveling soon. Most credit card companies won’t issue a card at any time other than renewal unless you ask.
3. Start Using It Wherever Possible: Most new cards issued will contain both the stripe and the chip. So, if you’re standing at a credit card terminal and you aren’t sure what to do, just enter the card in the card slot. If the EMV terminal isn’t ready for your card yet, the machine will show an error and you’ll be prompted to swipe it. If you try to swipe a chip card in an EMV-activated terminal, the same thing will occur – an error message and a prompt to insert the card differently so the machine will read the chip.
4. Memorize Your PIN: Unmanned terminals at automated kiosks may now ask for a PIN number with EMV cards. This is when you DO need to worry. In the past, card holders didn’t need to memorize their PINs, and now they do. Don’t carry a list of PINs around with you, either, because the risk of that EMV card and your PIN list being stolen is just as high as it’s ever been.
Trading out your old magnetic stripe credit card for a chip enabled credit card provides you with a more secure, but equally convenient, way to pay for your transactions. Additionally, remember, that you should use the chip on your card whenever possible, you shouldn’t carry a PIN list around with you, and you should shred your old cards. Taking these simple measures can go a long way to minimizing the risk of credit card and identity theft.
==
Rich McIver regularly writes about consumer protection and advocacy as it relates to the credit card processing industry. He is the founder of MerchantNegotiators.com, and can be reached via Twitter or Facebook.

NXT-ID claims Wocket™ is useless to thieves

By: bozontee’s golden zebra

Once upon a time, Dr. Seuss wrote a book called There’s a Wocket in my Pocket where a little boy talked to strange creatures living in his house. Nobody really knew what a Wocket was though. NXT-ID, Inc., a biometric authentication company, wants everyone to carry around a Wocket™ in their pocket. The company NXT-ID claims Wocket™ is useless to thieves has plans to launch the Wocket™ in New York City on May 28.

Wocket™ is considered the newest smart wallet heading to the e-commerce market. At the launch consumers and media will get the first look and feel of the smart wallet that claims to zeroize each sale immediately making the Wocket™ useless to thieves.

The patent-pending Wocket™ uses biometric solutions to secure consumers’ mobile platforms. The smart wallet is designed to replace all the cards in your wallet without the need for a smart phone. It will be 3.7”W x 2.75”L x .39”H. The smart wallet only becomes accessible through a unique combination of voice, PIN or pattern. It was designed to keep Wocket™ transactions separate from regular transactions in order to keep Wocket™ transactions secure by zeroizing each card after use.

Wocket™ isn’t the first smart wallet on the market. It is an evolution of the smart wallet’s already on the market. Google offered a smart, virtual wallet to help consumers’ keep their information secure. Google Wallet comes in the form of an app or a card that stores credit card and loyalty card information all in one place.

Security is the biggest concern for smart wallets since they were designed with consumer security in mind. The Google Wallet offers 24/7 fraud monitoring and Google Wallet Purchase Protection. If your phone or card is lost or stolen it can be disabled through a Google Wallet account.  The Wocket™ doesn’t offer a protection program instead it offers a guarantee.

According to the FAQ, the creators say, “while we can’t ensure that your card never gets stolen, we can guarantee that it’s worthless to anyone that gets a hold of it. Each time after the dynamic card is used, it is zeroized. Thus, it is merely blank piece of plastic to any ambitious thief.”

There are very few other smart wallets on the market. The Wocket™’s biggest competitor appears to be Google Wallet, but there are a few other smart wallets attempting to emerge on the scene including the PING wallet and the SmartWallit.

Legitimate debt collector or fraudulent data colletor?

Data collection scams and debt collection scams have risen dramatically in the last few years.  Mal-ware at point of sale terminals has been used to steal customer data. Emails that phish for information have been used to steal consumer information and fake debt collectors who threaten victims with lawsuits and arrests have used information gained to exploit consumers.

“Unscrupulous scams hurt consumers and unnecessarily impedes legitimate debt collection efforts,” said ACA International CEO Pat Morris. “The recovery of consumer debt is vitally important to our local, state, and national economies. Those who purposely violate the law to exploit consumers should be held fully accountable for their actions.”

Consumers need to protect personal data and they need to know the difference between a legitimate debt collector and a fake scam being conducted to steal personal information.

ACA International recommends several important items in discerning a legitimate attempt to recover a debt. The first item is that a debt collector may not contact a consumer at times known to be inconvenient. Generally, a legitimate debt collector may not contact a consumer before 8 a.m. or after 9 p.m. in the consumers’ time zone.

Another item is that a debt collector must disclose its identity to the consumer and notify the consumer that the communication is from a debt collector, and (in the initial communication) that any information obtained will be used to effect collection of the debt. Debt collectors are not allowed to make false representations and may not threaten to take action against a consumer if it doesn’t actually intend to seek such action. Consumers also need to be aware that they can dispute the validity of the debt and during the time the debt is being dispute the debt collector must cease collection activity until verification of the debt has been provided. More guidelines can be found at ACA International.

Consumers can protect their personal data by checking credit and debit cards vigilantly and reporting any charges that appear questionable, even small amounts. Consumers can also monitor their credit profiles along with their card activity and consumers need to keep in mind that phishing scams for information don’t just happen via email and the phone. Phishing scams can come through snail mail also.  Shred paper with personal information before throwing it away, make online passwords stronger by using a mix of capital and lowercase letters, symbols and numbers, and take great care when giving out credit or debit card numbers, Social Security numbers or other personal information online and offline.

As Target breach grows, retailer embraces security options

Target’s data breach over the holiday season turned out to span far wider than the original numbers estimated.  The major retailer said the breach that happened between Nov. 27 and Dec. 15, 2013 compromised the financial information of approximately 40 million shoppers shortly after the breach occurred. Recently, the company informed consumers that it had uncovered an additional 70 million to 110 million customers who may have had their names, mailing addresses, phone numbers and email addresses stolen.

The data stolen from Target was originally thought to come from the terminals where customers swipe credit and debit cards. The retailer said originally that the only information affected was the information stored in the magnetic strips on the back of customers’ cards. The retailer learned shortly after that customers’ encrypted PIN data had also been obtained. The latest revelation by Target is raising more concerns because personal information isn’t stored on the magnetic strips on credit and debit cards.

Target’s data breach has severely impacted the company and will continue to as long as more information about the breach becomes known. The retailer has apologizes to customers for the broadening violations of customers’ private information.

“I know that it is frustrating for our guests to learn that this information was taken, and we are truly sorry they are having to endure this,” Gregg W. Steinhafel, Target’s chief executive, said in a statement to the New York Times.

Target is now offering free credit monitoring and identity theft protection to customer’s for one-year free.  The one-year offer includes a credit report, daily credit monitoring, identity theft resolution, identity theft insurance and ProtectMyID ExtendCARE, personalized assistance from a highly-trained Fraud Resolution Agent after the one-year period expires.

Target has listed tips for customers who wish to protect their information:

“Never share information with anyone over the phone, email or text, even if they claim to be someone you know or do business with. Instead, ask for a call-back number. Delete texts immediately from numbers or names you don’t recognize. Be wary of emails that ask for money or send you to suspicious websites. Don’t click links within emails you don’t recognize.”

A FAQ page has been set up on Target’s website to deal with information regarding the data breach and information related to other scams.

Don’t Double Swipe Your Credit Card

don't double swipe your credit cardThe Credit Card Association of the Philippines (CCAP) has given the message “Don’t double-swipe credit cards” to commercial establishments and retailers. The advice is good for customers, too. The practice of “double-swiping” can compromise the data security of credit cardholders.

Alan German, a spokesman for CCAP, said that criminal groups are targeting Point-of-Sale systems, stealing card data and customer PINs.

German told ABS-CBNnews.com, “In many cases, the second swipe results in the credit card’s full data to be retained by the merchant in its own system. Effectively, this unnecessary practice increases the merchants’ vulnerability to potential data compromise… This loose data, so to speak, can then be used to create counterfeit cards, engage in identity theft, and perpetrate fraud.”

The reason “double-swiping” has become common among retailers is because it is often used for customer loyalty programs, record-keeping or other aspects of the retail-operations.  The second swipe of a credit card is most often unrelated to authorization or transaction settlements with the retailer.

German believes that if card issuers and merchants understand the risks in double-swiping cards, they will undertake measures to protect their businesses.  Understanding the risks would also protect credit cardholders from potential identity theft and other types of fraud.

Identity theft is one of the fastest growing crimes. The Federal Bureau of Investigation (FBI) says the bad news is that we are all vulnerable to identity theft, but there are ways to protect yourself: “First, don’t carry your social security number on any documents in your purse or wallet; change your driver’s license or any other documents to different numbers. Next, lock your mailbox and be sure to stop mail when you’re out of town for more than a few days. Shred your trash with a cross cut shredder. Be careful what you say about yourself in public –especially when you’re on your cell phone. Finally, you can protect your computer with a fire-wall, anti-virus software, or a program that removes spyware.”

Another item that the FBI might list on their website to protect customers and retailers is “Don’t double-swipe your card.”

Data Breach Report Shows That Password Attacks Are Not Being Forced To Adapt

Everyone that spends time on the Internet is familiar with the ideas of usernames and passwords. A recent investigation by the Verizon Data Breach Investigations team revealed that our passwords are not doing the job. In 2012, authentication-based attacks were the number one method used by a mile in breaches online. In fact, four of five breaches were accomplished in this manner. What does this mean to us as surfers? Actually, it means quite a bit.

It means we are giving our permission without being aware of it

Most people realize that they should not give out their personal information, but they keep on doing it anyway. In fact, the criminals are counting on it. If we give our authorization to breach our information, what could be easier for an online, anonymous criminal? Phishing emails, asking for your information directly, false websites and countless other methods are out there. Once the password or username is secured, you would be shocked at the damage they can do.

Why change what is not broken?

That is almost certainly what the criminals are thinking. For the last several years the data has not changed hardly at all. By far, the easiest way for criminals to get your information is to ask for it…..and they do. Because we are not forcing a change, they simply keep on doing the same thing.

How do we force change?

The best way is to educate ourselves. You have to understand that any company that asks for password or username in an unsolicited email is fake. No company is going to do this in our modern online world without them having an ulterior motive. Never click a link you are uncertain about. Never visit a website with a bad reputation. You can see this by checking it with your anti-virus and other online tools. Most of all, we need to change how we pick our passwords.

How can we get a great password?

The easiest way to do this is to use a system like Roboform to store your passwords after you create them.  A website like strongpassword generator can help you create a great one if you have problems making something that will be hard to crack. This is a very easy way to come up with one that won’t be discovered. Of course, many will want to do it themselves and that is fine. Just don’t use anything that is obvious like a pet name or variation of your name. The criminals are very good at discovering your information. Use a letter, number and capitalization mixture for the best results.

Crime Network Shows Sophistication According to Study

It appears that our online criminal element has become a bit more sophisticated than one might expect. Certainly there have always been smart criminals out there, but this latest finding really boggles the mind. Thomas Holt, a criminologist from Michigan State University, has discovered that some criminals are using an online marketplace to market stolen credit card information.  This group would use an online forum to ask for criminal help such as money laundering or even data. They would then send and receive money electronically.

These criminals were clearly advanced according to Holt, as it showed the capabilities of advanced criminal thinking. This was not a bunch of kids trying to hack sites.

Have you ever gotten emails from someone asking about email, username or password information? This is called phishing and it is what criminals like this depend on. These criminals will steal information from major retailers, banks or other sources. Once they have this information, they will then send out these emails posing as your bank or website retailer.

These criminals are very good at looking realistic Continue reading Crime Network Shows Sophistication According to Study