December 13, 2017

10 Tips To Protect Against Identity Theft

"Identity theft leads the Federal Trade Commission's list of top consumer complaints, accounting for 14 percent of all complaints recorded by the government body in 2013." FTC

“Identity theft leads the Federal Trade Commission’s list of top consumer complaints, accounting for 14 percent of all complaints recorded by the government body in 2013.” FTC

Forget the bogey man, dragons and things that go bump in the night. Save the fear factor for the unscrupulous among us who steal our identities and leave us floundering, financially fractured and caught in a web of never-ending effort to prove who we are.

The stories are rampant. Every year, more than 16 million Americans are victimized by computer hackers, mailbox thieves and others who have made a science of cheating their fellowmen. The number probably is higher, because not all incidents are reported. The ill-gotten loot adds up to some $24.7 billion, topping all other property crime losses combined by $10 million.

It seems that everyone you talk to knows someone in their circle of family and friends that has suffered from the ill effects of this crime.

The crooks prefer older persons as targets. They have better credit and more accounts and they tend to be somewhat less tech savvy than today’s perpetrators. They are not as apt to monitor their financial resources as those who have grown up in a digital world.

The AARP conducted a poll among 2,250 older Americans and found that more than 12 percent had had unauthorized items purchased in their name in the past year. Law enforcement is overwhelmed, and few of the fraudulent cases are resolved. Among police agencies, the saying goes that “only the dumb ones get caught.”

How to protect yourself? Here are 10 hints:

1. Locking Mailbox

Get a locking mailbox or use a post office box. Almost 60 percent of Americans report they do not have a locked box, making them prime for the snoops who are looking for identify information.

2. Online Accounts

Get online accounts for all bank and credit cards so information does not go
by post. If you haven’t already gone online, you are part of the 50 percent of Americans who are vulnerable through this route.

3. Clean Car

Never leave personal information in your car. Some 20 percent of Americans in the age group 18 to 49 say they have left a wallet or purse in a locked car over the past week. Those over that age are more prone to be careful, with only 8 percent reporting having left personal items in a car.

4. Shred Documents

Shred documents that contain personal information, such as bank and credit card statements, tax forms and medical bills. Forty-one percent of those over age 50 shred at least once a week.

5. Lock Electronics

Lock devices such as smartphones, laptops and tablets with pass codes to prevent unauthorized use. Some 44 percent of those over 50 say they haven’t set up pass codes on their smartphones.

6. Close Old Credit Accounts

Close out old credit card accounts if you no longer use them. They are tempting come-ons for thieves.

7. Leave Your Social Security Card At Home

Don’t carry your Social Security card. Even the last four digits can give a fraudster enough information to damage your security.

8. Check On Your Bank Account Activity

Regularly check bank account and credit card statements. About 75 percent of Americans who bank online take this precaution.

9. Open Online Accounts With Credit Bureaus

Establish online accounts with Equifax, Experian and TransUnion, the three credit reporting agencies. They may help you spot any irregularities in your accounts early. Sixty percent of the country’s citizens haven’t taken this precaution.

10. Set Fraud Alerts

Put fraud alerts on your accounts with the credit agencies and consider a credit freeze. Too many who receive a fraud alert, 84 percent, failed to follow through with fraud alerts on their credit files; fewer than 6 percent considered freezing credit.

EMV Security Technologies Boosts Credit Fraud Protection

Credit card displays new EMV chip technology

Credit card displays new EMV chip technology

Costs of credit card fraud in the U.S. alone are estimated at $8.6 billion per year. One of the ways to combat this problem is through EMV security technologies. EMV chip cards are being added to the arsenal of weapons calculated to help secure the U.S. payments infrastructure. The added protection is important because by October 2015, major networks will shift fraud liability to either the issuer or the merchant, depending on which has the least secure technology. October 2015 is the date that card issuers such as American Express, Discover, MasterCard and Visa are required to update to EMV chip cards, terminals and processing systems.

Key Features

EMV chip technology was developed jointly by Europay, MasterCard and Visa in 1994, to create a global chip specification payment system and prevent financial fraud. The key features of the chip in credit cards are that they store information, perform processing, are a secure element which stores secrets and performs cryptographic functions. They protect against counterfeit fraud through authentication of the chip card and smart phone. They validate the integrity of the transaction through digitally signing payment data.

EMV chip technology is an extremely effective method of reducing counterfeit and lost/stolen card fraud in a face to face payments environment. That is why the PCI Security Standards Council supports the deployment of EMV. EMV chip cards, have advantages over traditional magnetic stripes. The chip’s security code changes with every purchase and the card is much less vulnerable to counterfeiting, experts say. The chip can not be duplicated.

Worldwide Adoption

EMV technology has spread globally.

EMV technology has spread globally.

EMV technology will reduce the chances for fraud, but the evolution to the new technology will take some time. Merchants will have to change equipment to read the chip’s security code. Magnetic stripes won’t disappear overnight. During the transition, cards will still be vulnerable to counterfeiting.

In early June, Sam’s Club introduced a rewards credit card using the chip. Sam’s parent company, Walmart, will follow suit later this year. Target, which was the victim of a huge security breach recently, has opted to add chip-and-PIN technology to its store-branded cards early next year.

The shift to EMV is part of a systematic upgrade of payment security that is being developed to counteract weaknesses that lead to security breaches. Among the budding technologies is “tokenization,” which would substitute a meaningless string of alphanumeric characters and biometrics for current credit card credentials. Anything that will stymie hackers in their pursuit of other people’s personal information is likely to be scrutinized.

Data Breaches

A large-scale data breach, such as those the country has experienced in recent months, could still affect your card, industry leaders say. If Target, for instance, had been already using the chip technology before its system was breached, it would not have protected the company from hackers who infiltrated the company’s database through a third party access credentials. That gave the hackers information on cardholder account numbers and personal information, such as names, addresses and phone numbers that greatly increased the scope for identity theft.

Best Practices

Until the problems of protecting ID are resolved, take a proactive stance. Protect your card against fraud or data breach, as much as possible. Use unique and more sophisticated passwords for online accounts, monitor your bank statements and sign up for available alerts. Report immediately to your financial institution if your card is lost, stolen or compromised so it can be replaced with a new number as quickly as possible. That will save you the hassle of disputing unauthorized charges

What’s New With The Target Security Breach?

target-breachThe biggest known corporate breach in U.S. history was perpetrated on Target in November, 2013. Hundreds of stories have been written about it in the news, on blogs and magazines. That comes as no surprise considering the current number of customers affected reaches upwards of 100 million.

The looming question in consumers minds remains. Who is responsible for the Target credit and debit card breach?  Brian Krebs,  and American journalist and investigative reporter who runs a computer security website has identified a likely suspect – Andrew Hodrievski of Odessa, Ukraine. Attempts to contact the suspect proved futile, but Krebs was able to email an associate of Hodrievski.  After exchanging emails with the associate, Krebs Security was offered $10,000 not to publish the incriminating information.  Hodrievski has not been arrested or questioned.

How Did They Do It?

The who question may have been answered, but the how question is still somewhat of a mystery to the public. Investigators have determined that the hackers were able to breach Target’s security through a third party vendor. Fazio Mechanical Service provided heating and air conditioning for the stores. After hacking into Fazio’s computer they gained the vendor’s username and password into Target. The hackers then used the same username and password to hack into the point of sale information where all customer information is stored.

Hackers then uploaded software to retrieve customer data for them. They tested the software on a handful of registers. Within two days they had access to a majority of Target’s cash registers and point of sale information. Thus the fraud began. Once they had customer data they sold the data on underground internet sites. The value of this data has gone down significantly as banks have purchased the same data, disabled cards and reissued new ones.

Investigators think the vulnerability was caused by the lack of two factor authentication for remote access, which is required by PCI Data Security Standards. PCI Standards help merchants to secure all Point Of Sale transactions.  Apparently Target used one network for most of their data while they should have been two different networks.  Isolating  3rd party remote access for vendors and customer data would have added another security measure needed and possibly helped prevent this type of security breach.

Latest News

Beth M. Jacob, chief information officer and executive vice president for Target’s technology services resigned from her position on Wednesday, March 5, 2013, just one week after Target posted their 4th quarter losses of $1.5 billion dollars compared to the previous year’s figures. More encouraging news in this case would have been that the criminal behind the attack was arrested.

Consumer Protection

For consumers who are now worried about their accounts being drained by complete strangers there is no magic bullet. The best thing to do at this point is to learn how to set up automatic alerts from your bank to your cell phone any time a transaction on your account occurs. You can then call the bank immediately when you discover any unauthorized transaction and prevent further loss.

The Target Credit Card Theft Of 2013

Detective Work For Credit Card FraudIt would have given Arthur Conan Doyle, British creator of never-lose sleuth Sherlock Holmes, a headache. International theft, creative detective work, suggestions of piracy and, hopefully, quick intervention – all are part of the huge credit card breach that struck Target stores in the period from Nov. 27 to December 15 last year. The breach was announced Dec. 18 and was quickly picked up by the media.

The loss was huge. “Track Data” from the magnetic strips on the back side of cards, was stolen from cards used at Target outlets across the United States. The theft was immediately followed by quick activity on underground black markets, where the information sells in batches of a million cards, which then are re-sold at prices from $20 to more than $100 per card.

Hundreds of criminal businesses sell stolen credit and debit cards from every bank and country, but some have earned the dubious reputation of offering quality “dumps.” With the pirated information from the stolen cards, experts can effectively clone the cards and use them in stores. Typically, the cards are used by savvy thieves for high-cost merchandise that can easily be converted to cash.

If the PINs associated with the stolen cards could be retrieved, the thieves could even use their false cards to withdraw money from the nearest ATM. There is no evidence that PIN numbers were compromised in this case, investigators say.

Fraud investigators are taking advantage of the known patterns used by such cyber thieves and using the illicit stores to “buy back” some of the stolen cards. In a surprising number of incidents, they were able to establish a direct link to the Target thefts by matching dates. In the Target breach, shadows of piracy emerged as particular dump shops adopted names associated with the history of buccaneering. Investigators identified a major outlet for the stolen cards as “Tortuga,” Spanish for turtle or tortoise, and also a historic base for pirate activities. This particular shop also was linked to an individual whose nickname is “Rescator,” a key figure in Russian cybercrime, who also is known as “Lampeduza.”

pirates
Recently, the proprietor of this illicit card shop announced a new base, Barbarossa, again a relic of piracy. (It also was the code name given to Germany’s invasion of the USSR during World War II.) One large American bank investigating the target situation purchased a sampling of cards across several countries and all of the cards the investigators purchased from Barbarossa had been used in Target stores during the breach timeframe.

Gregg Steinhafel, Target president and CEO, issued a statement to customers, acknowledging the breach as a serious crime, not only against the store, but especially against its clientele. “We understand that a situation like this creates stress and anxiety about the safety of your payment card data at Target. Our brand has been built on a 50-year foundation of trust with our guests and we want to assure you that the cause of this issue has been addressed and you can shop with confidence at Target.”

It appeared by late December that the company would re-issue some or all of the 5,300-plus cards affected by the breach. And Steinhafel also had advice for credit card users nervous about the possibility of repeat incidents of theft of personal financial information on this scale:

Closely review account statements, being vigilant for any evidence of misuse of your credit and/or debit cards. Free credit reports are available. Review your status regularly via both these sources, and if you suspect fraud, report it immediately to your financial institutions. You may contact the Federal Trade Commission or report suspicions to local law enforcement. The FTC web site is www.consumer.gov/idtheft, or call the agency at 877-IDTHEFT (438-4338.) Or write to the FTC Consumer Response Center, 600 Pennsylvania Ave. NW, Washington DC 20580.

If you find fraudulent transactions on your credit report, request that the credit reporting agency delete the information from your report. Under federal law, you are entitled to one free copy of your credit report each 12 months from each of the three nationwide credit reporting agencies. Obtain a report by going to www.AnnualCreditReport.com, or call 877-322-8288.

Research Further at KrebsonSecurity.com