December 13, 2017

EMV Security Technologies Boosts Credit Fraud Protection

Credit card displays new EMV chip technology

Credit card displays new EMV chip technology

Costs of credit card fraud in the U.S. alone are estimated at $8.6 billion per year. One of the ways to combat this problem is through EMV security technologies. EMV chip cards are being added to the arsenal of weapons calculated to help secure the U.S. payments infrastructure. The added protection is important because by October 2015, major networks will shift fraud liability to either the issuer or the merchant, depending on which has the least secure technology. October 2015 is the date that card issuers such as American Express, Discover, MasterCard and Visa are required to update to EMV chip cards, terminals and processing systems.

Key Features

EMV chip technology was developed jointly by Europay, MasterCard and Visa in 1994, to create a global chip specification payment system and prevent financial fraud. The key features of the chip in credit cards are that they store information, perform processing, are a secure element which stores secrets and performs cryptographic functions. They protect against counterfeit fraud through authentication of the chip card and smart phone. They validate the integrity of the transaction through digitally signing payment data.

EMV chip technology is an extremely effective method of reducing counterfeit and lost/stolen card fraud in a face to face payments environment. That is why the PCI Security Standards Council supports the deployment of EMV. EMV chip cards, have advantages over traditional magnetic stripes. The chip’s security code changes with every purchase and the card is much less vulnerable to counterfeiting, experts say. The chip can not be duplicated.

Worldwide Adoption

EMV technology has spread globally.

EMV technology has spread globally.

EMV technology will reduce the chances for fraud, but the evolution to the new technology will take some time. Merchants will have to change equipment to read the chip’s security code. Magnetic stripes won’t disappear overnight. During the transition, cards will still be vulnerable to counterfeiting.

In early June, Sam’s Club introduced a rewards credit card using the chip. Sam’s parent company, Walmart, will follow suit later this year. Target, which was the victim of a huge security breach recently, has opted to add chip-and-PIN technology to its store-branded cards early next year.

The shift to EMV is part of a systematic upgrade of payment security that is being developed to counteract weaknesses that lead to security breaches. Among the budding technologies is “tokenization,” which would substitute a meaningless string of alphanumeric characters and biometrics for current credit card credentials. Anything that will stymie hackers in their pursuit of other people’s personal information is likely to be scrutinized.

Data Breaches

A large-scale data breach, such as those the country has experienced in recent months, could still affect your card, industry leaders say. If Target, for instance, had been already using the chip technology before its system was breached, it would not have protected the company from hackers who infiltrated the company’s database through a third party access credentials. That gave the hackers information on cardholder account numbers and personal information, such as names, addresses and phone numbers that greatly increased the scope for identity theft.

Best Practices

Until the problems of protecting ID are resolved, take a proactive stance. Protect your card against fraud or data breach, as much as possible. Use unique and more sophisticated passwords for online accounts, monitor your bank statements and sign up for available alerts. Report immediately to your financial institution if your card is lost, stolen or compromised so it can be replaced with a new number as quickly as possible. That will save you the hassle of disputing unauthorized charges

Credit Card Problems Can Ruin Vacations

vacations-1

Let’s get this vacation started!

Using a credit card (or two or more) while traveling is just a fact of modern life. And nothing can put the skids on a vacation faster than confronting the loss of your card or some other glitch that leaves you stranded. The answer is to plan ahead for any of the possible problems, according to financial wizards who give advice on such matters.

Notify Credit Card Companies

Begin by calling your credit card company before you start, especially if your travel plans will take you out of the country. If charges begin popping up in places the company is not used to, your account may be flagged as being suspicious. The company could try to contact you to verify the out-of-area transactions. Or they could simply freeze your card. They do that, of course, to protect you in the case of card theft, but it can play hob with your travel plans. It could cut you off from the source you expected to use to finance your travels and cause more consternation than you’d care to deal with away from home.

Some card issuers have provisions for you to notify them online. Log onto the account and look for “travel notification” or other tab that allows you to alert them to where you will be and for how long. Some companies are aware of the frequent travelers they serve and don’t require notification for every trip. But, as the old saying goes, “Better safe than sorry.” A few minutes of precautionary effort could save a lot of headaches.

Lost Cards

In case of a lost or stolen card, have your card company’s toll-free customer service number available. Put it in a place separate from your wallet or purse so if there is a theft or loss you will have the number you need. It would be wise to provide the number to a friend or family member as well. Carrying two credit cards gives you a backup if one is lost or stolen.

Use Rewards Offered

Some credit card issuers provide perks specifically for traveling. Be aware of what your card offers. They vary from one company to another, but could include such conveniences as free referrals to legal or medical services (for which you would, of course, pay) or to such improvements in amenities as hotel room upgrades.

Coverage for lost or damaged baggage would be a very desirable perk and the card companies tend to pay up to $500 more than what your airline might offer (most airlines pay up to $3,400 to recompense for lost luggage.) If you put an expensive camera in your checked luggage and it gets lost, some cards will pay up to $250 per lost item, not likely to cover the cost, but a start on replacement.

If you have the bad fortune to be involved in an accident with a rental car, some cards will help pay for the damage if it occurs in the United States. The benefit would kick in after you filed a claim with your usual vehicle insurer. If an accident occurs outside the U.S. and your own insurance doesn’t cover such an occurrence, the credit card fall-back may be your only chance to recoup costs. Some card companies also offer small amounts to compensate for delayed flights. The trick is to carefully go over the details of your service agreement so you don’t miss available perks.

Some credit card issuers have dropped the additional charges (usually 1 to 3 percent) on purchases outside the U.S., but some are still in effect. Again, check carefully to see what your card offers. If you have more than one card, use the one with the lowest charges for overseas buying.

Use Approved ATMs

Using ATMs in foreign countries can involve charges as high as $5 per pop. Check with your card companies to see if they have partnerships with ATMs in the countries you intend to visit. Or use a credit union card, which usually has fees lower than a bank card. Debit cards also pose lower fees for cash withdrawals, as a rule. Get reasonably large amounts of cash on each ATM visit to minimize fees. Avoid airport kiosks or currency exchange offices, which have significantly higher charges for providing you with cash.

Microchips

A microchip embedded in your card is an additional security option. Older cards tend not to have them, and thieves can more easily extract your information if they get their hands on your cards. By October 2015, microchip security will be required for all American cards. Europeans have had that extra safety measure for some time. Check with your card issuer to see if a microchip is an option.

Keep Payments Current

Before you fly off to parts far from home, remember to keep your credit card payments current. That way you’ll avoid the shock of late fees you forgot to anticipate. If you expect to add significantly to your credit card balance, make a payment ahead of time or set up an online payment before you leave. Request an increase on your credit limit if there is a chance you’ll exceed your current limit. And monitor carefully as you travel to avoid the embarrassment of surpassing the limit.

Bottom line: Your credit card can be your best friend on vacation, but only if you take the necessary safeguards and do the homework before you head out the door.

What’s New With The Target Security Breach?

target-breachThe biggest known corporate breach in U.S. history was perpetrated on Target in November, 2013. Hundreds of stories have been written about it in the news, on blogs and magazines. That comes as no surprise considering the current number of customers affected reaches upwards of 100 million.

The looming question in consumers minds remains. Who is responsible for the Target credit and debit card breach?  Brian Krebs,  and American journalist and investigative reporter who runs a computer security website has identified a likely suspect – Andrew Hodrievski of Odessa, Ukraine. Attempts to contact the suspect proved futile, but Krebs was able to email an associate of Hodrievski.  After exchanging emails with the associate, Krebs Security was offered $10,000 not to publish the incriminating information.  Hodrievski has not been arrested or questioned.

How Did They Do It?

The who question may have been answered, but the how question is still somewhat of a mystery to the public. Investigators have determined that the hackers were able to breach Target’s security through a third party vendor. Fazio Mechanical Service provided heating and air conditioning for the stores. After hacking into Fazio’s computer they gained the vendor’s username and password into Target. The hackers then used the same username and password to hack into the point of sale information where all customer information is stored.

Hackers then uploaded software to retrieve customer data for them. They tested the software on a handful of registers. Within two days they had access to a majority of Target’s cash registers and point of sale information. Thus the fraud began. Once they had customer data they sold the data on underground internet sites. The value of this data has gone down significantly as banks have purchased the same data, disabled cards and reissued new ones.

Investigators think the vulnerability was caused by the lack of two factor authentication for remote access, which is required by PCI Data Security Standards. PCI Standards help merchants to secure all Point Of Sale transactions.  Apparently Target used one network for most of their data while they should have been two different networks.  Isolating  3rd party remote access for vendors and customer data would have added another security measure needed and possibly helped prevent this type of security breach.

Latest News

Beth M. Jacob, chief information officer and executive vice president for Target’s technology services resigned from her position on Wednesday, March 5, 2013, just one week after Target posted their 4th quarter losses of $1.5 billion dollars compared to the previous year’s figures. More encouraging news in this case would have been that the criminal behind the attack was arrested.

Consumer Protection

For consumers who are now worried about their accounts being drained by complete strangers there is no magic bullet. The best thing to do at this point is to learn how to set up automatic alerts from your bank to your cell phone any time a transaction on your account occurs. You can then call the bank immediately when you discover any unauthorized transaction and prevent further loss.

The Target Credit Card Theft Of 2013

Detective Work For Credit Card FraudIt would have given Arthur Conan Doyle, British creator of never-lose sleuth Sherlock Holmes, a headache. International theft, creative detective work, suggestions of piracy and, hopefully, quick intervention – all are part of the huge credit card breach that struck Target stores in the period from Nov. 27 to December 15 last year. The breach was announced Dec. 18 and was quickly picked up by the media.

The loss was huge. “Track Data” from the magnetic strips on the back side of cards, was stolen from cards used at Target outlets across the United States. The theft was immediately followed by quick activity on underground black markets, where the information sells in batches of a million cards, which then are re-sold at prices from $20 to more than $100 per card.

Hundreds of criminal businesses sell stolen credit and debit cards from every bank and country, but some have earned the dubious reputation of offering quality “dumps.” With the pirated information from the stolen cards, experts can effectively clone the cards and use them in stores. Typically, the cards are used by savvy thieves for high-cost merchandise that can easily be converted to cash.

If the PINs associated with the stolen cards could be retrieved, the thieves could even use their false cards to withdraw money from the nearest ATM. There is no evidence that PIN numbers were compromised in this case, investigators say.

Fraud investigators are taking advantage of the known patterns used by such cyber thieves and using the illicit stores to “buy back” some of the stolen cards. In a surprising number of incidents, they were able to establish a direct link to the Target thefts by matching dates. In the Target breach, shadows of piracy emerged as particular dump shops adopted names associated with the history of buccaneering. Investigators identified a major outlet for the stolen cards as “Tortuga,” Spanish for turtle or tortoise, and also a historic base for pirate activities. This particular shop also was linked to an individual whose nickname is “Rescator,” a key figure in Russian cybercrime, who also is known as “Lampeduza.”

pirates
Recently, the proprietor of this illicit card shop announced a new base, Barbarossa, again a relic of piracy. (It also was the code name given to Germany’s invasion of the USSR during World War II.) One large American bank investigating the target situation purchased a sampling of cards across several countries and all of the cards the investigators purchased from Barbarossa had been used in Target stores during the breach timeframe.

Gregg Steinhafel, Target president and CEO, issued a statement to customers, acknowledging the breach as a serious crime, not only against the store, but especially against its clientele. “We understand that a situation like this creates stress and anxiety about the safety of your payment card data at Target. Our brand has been built on a 50-year foundation of trust with our guests and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at Target.”

It appeared by late December that the company would re-issue some or all of the 5,300-plus cards affected by the breach. And Steinhafel also had advice for credit card users nervous about the possibility of repeat incidents of theft of personal financial information on this scale:

Closely review account statements, being vigilant for any evidence of misuse of your credit and/or debit cards. Free credit reports are available. Review your status regularly via both these sources, and if you suspect fraud, report it immediately to your financial institutions. You may contact the Federal Trade Commission or report suspicions to local law enforcement. The FTC web site is www.consumer.gov/idtheft, or call the agency at 877-IDTHEFT (438-4338.) Or write to the FTC Consumer Response Center, 600 Pennsylvania Ave. NW, Washington DC 20580.

If you find fraudulent transactions on your credit report, request that the credit reporting agency delete the information from your report. Under federal law, you are entitled to one free copy of your credit report each 12 months from each of the three nationwide credit reporting agencies. Obtain a report by going to www.AnnualCreditReport.com, or call 877-322-8288.

Research Further at KrebsonSecurity.com

Fighting Credit Card Debt

saving-money-protectionSince the beginning of the 2008 recession in the United States the economic reality of many middle to low income families has not been a pretty sight. More and more families have struggled to meet their monthly mortgages, rents, utilities, groceries and essential living expenses. You may be struggling as well.

Unemployment and rising medical expenses have driven many people to use credit cards as a “plastic” safety net. With high interest rates on credit cards, debt can keep growing until you are experiencing a debt snowball.

The US Census projects that Americans will carry $870 billion in credit card debt in 2013.

Some may think that their lucky charm is a debt protection product which will cover expenses in times of disability. In 2009, consumers spent about $2.4 billion dollars for this type of protection.

Self Assessment

There really is no lucky charm when it comes to managing your credit card debt, but you can easily figure out if you are having difficulty managing your personal finances.

Personal Questions To Ask Yourself

  1. Are you living paycheck to paycheck?
  2. Do you have little or no money put aside in a savings account?
  3. Are you unable to pay your creditors on time and are starting to receive collection calls?
  4. Can you only afford to make the minimum monthly payment on your credit cards?
  5. Have you taken out new loans to pay off existing debts?
  6. Do you hide credit card bills from family members?

All of these factors can lead you to even worse problems, which will eventually, if not corrected control your life in ways you had never dreamed possible. Low credit scores can affect employment, the ability to borrow money at a reasonable rate and increased interest rates on your current credit card balances.

Solutions

The easiest solution to credit card debt problems is to get serious about saving money and paying off your debt. Going to a website like www.utahsaves.org will let you take a pledge to save money, reduce debt, and build wealth over time as well as encourage others to do the same. So far, 310,000 people have signed up and taken “The America Saves Pledge.”

Benefits of signing up are that you will receive text messages to encourage you to save money. You have access to money management workshops. You will have access to personal financial counselors. You can also share your own money saving tips and qualify to win $25 if your story is selected.

While there, you can set up your own personal savings goal, choose the amount of money you want to save and how long you have to achieve the goal.

Getting Help

For consumers that are feeling overwhelmed by debt, you can call the National Financial Counseling Center at 1-800-351-4195 for a free confidential consultation with a Certified Financial Counselor. Plan to get out of debt today, not tomorrow!