U.S. is Dumb About Smart Cards
The typical US consumer still swipes their card, credit or debit, with those same old black magnetic stripes. And, we hold our breath and hope they work, and don’t lead to erroneous (fraudulent) charges we have to defend. The rest of the world has switched to Smart cards, according to Peter Svensson, The Associated Press, in The Denver Post. “The problem with that black magnetic stripe on the back of your card is that it’s about as secure as writing your account information on a post-card”.
Svensson comments “Smart-cards (chip-based cards) can’t be copied, which greatly reduces the potential for fraud. Smart cards with built-in chips are the equivalent of a safe: They can hide information so it can be unlocked only with the right key”.
This begs the question, why is the US lagging in this technology? How do we re-vamp our system to promote smart-card transactions? Some experts maintain that it is a lack of demand by everyone from consumers and issuing banks to retail establishments. In essence, we don’t want the added security. This, of course, is just a smoke screen to obscure the underlying issue: no one wants to pay for it. Consumer don’t feel like they should pay for the technology (through higher card fees) even if it makes them safer (Haven’t we always been pretty safe?). Banks don’t want to pay to issue higher-cost cards with chip technology (they probably think it is cheaper to weather the costs of fraud – it is not). And retailers don’t want the added expense of new, more sophisticated equipment.
U.S. Lags Europe on Credit Card Security
We can be as patriotic as we want to be, but today, the US lags behind other countries in credit card technology and consumer safety. Our current-day magnetic-strip technology is archaic compared to the chip-embedded cards of our European counterparts. Though some larger US retailers are offering support of the “smart-chip” cards, a mandate for their use (and greater protection for the consumer) is down the road. (Click here for the original story on NPR).
According to Andrea Rock, a senior editor at Consumer Reports who wrote an article about the security gap in the credit card industry (emphasis mine):
“The account information that’s needed to make a transaction on American cards is stored, unencrypted, on a magnetic stripe on the back of each card,”
And that means, until the industry changes, you are at risk. In the mean time, here are a few steps you can take to increase your security:
- Limit use of your debit card. The bank offers you less protection on debit transactions than credit transactions. Additionally, with debit cards, there is a PIN involved, potentially providing immediate cash access to your accounts by clever thieves. If fraud occurs, you are out the money until it is resolved.
- Use your credit card instead. It’s safer. Typically, credit card issuers offer zero-liability for losses associated with unauthorized transactions. You also have a longer time frame to catch and report the fraud.
Sileo Deflates ePickPocketing Hype on Fox & Friends
John appeared on Fox & Friends this morning to set the facts straight about the real and perceived risks posed by Electronic PickPocketing.
It is true that Identity Thieves are able to steal your credit card information without even touching your wallet. The technology exists, is readily available and can be assembled for under $1,000. But that doesn’t necessarily make it an efficient means of stealing credit card numbers.
RFID, or radio-frequency identity technology was introduced to make paying for items faster and easier. All major credit cards that have this technology have a symbol (pictured below). It means that your card can communicate via electromagnetic waves to exchange data (your credit card number) between a terminal and a chip installed inside of your card (or passport). Thus, by getting within a few inches of your credit card, a thief is able to obtain your credit card number, expiration date and maybe your name.
So we have established that stealing credit card numbers this way is possible, but is it feasible?
The Electronic Pickpocketing video circulating around YouTube makes it look that way. But the reality is a bit different. First, take into account that the news story in the video was focused around a gentleman and a company that makes money by raising your fear about this type of theft. The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take the context of the story into consideration before buying the hype.
Electronic Pickpocketing Hype Banks on Your Fear!
Electronic Pickpocketing is Possible, but Over-Hyped.
There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.
And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.
The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:
- The person being interviewed in the video benefits from your fear of electronic pickpocketing.
Electronic Pickpocket Video – Identity Theft Expert
There is a new wave of Hi-Tech Identity Theft that the average person has no idea is possible. Identity Thieves are able to steal your credit card information without even touching your wallet.
RFID, or radio-frequency identity technology was introduced to make paying for items faster and easier. What many probably didn’t expect is that the same technology can be used by thieves to get your payment information just as easily. All major credit cards that have this technology have a symbol (pictured to the right). It means that your card can communicate via electromagnetic waves to exchange data (your credit card number) between a terminal and an electronic tag attached to an object, for the purpose of identification. With a quick scan of the card, the same way you would scan it to pay for items, all of your payment information is directed towards a source or identity thief’s computer in this case.
With a laptop and an antenna, it’s possible that a virtual pickpocket can steal credit card information, without ever touching their victim. All that is needed is a credit card reader that you can purchase online and a laptop computer. With a simple scan the crook can lift your credit card number, expiration date, and in some cases your name. Since 2006 all U.S. passports also have RFID technology so identity thieves are able to scan those just as easily and pick up more personal information in order to rip you off. These passports contain specific contact information as well as date of birth.
Opting Out of Financial Junk Mail
Opt Out of Financial Junk Mail
Your private data is bought and sold by junk-mailers without your knowledge, but you can easily opt out by calling 1-888-567-8688 or visiting www.OptOutPreScreen.com.
There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase.
To minimize the amount of your personal information bought and sold on the data market, begin “opting out”. Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers.
Operation Get Rich or Die Tryin’ Still Lives
Albert "Segvec" Gonzalez
Operation Get Rich or Die Tryin is the name that Albert Gonzalez gave to his scheme of stealing more than 130 million credit and debit card numbers from you and me. Today, Gonzalez, along with two unnamed Russian conspirators, was indicted in the state of New Jersey. Gonzalez, known by his alias of Segvec, was part of a cyber-crime ring that hacked into the computer systems of at least five major companies, including Heartland Payment Systems, 7-Eleven, TJMAXX, Hannaford Bros. Super Markets and Dave & Busters.
This is likely the largest case of identity theft ever prosecuted, comprising more that 130 million card numbers
Tactics: Gonzalez and his conspirators reviewed Fortune 500 Companies, performed reconnaissance on their retail stores, determined weaknesses in their payment systems and then utilized malware (malicious software) to intercept credit card numbers, expiration dates and names as they were transmitted from company to company
The crimes occurred between 2006-2008
In the strangest twist, it turns out that Albert Gonzalez was an informant for the Secret Service… on a card theft case. He took part in an undercover operation dubbed “Operation Firewall” that netted the arrest of 28 criminals (excluding himself) in 2004. After the operation was completed, Gonzalez took on the nick (nickname) of Segvec, moved to Miami, and took up his criminal ways once again.
Sileo In the Media
Privacy Project Newsletter
Tools and tips for bulletproofing yourself against identity theft, data breach and corporate espionage. Subscribe to the newsletter and get John Sileo's 7 Survival Strategies for Starving Data Spies for FREE!
