Posts

Chip and PIN Credit Cards Finally Explained

Chip and Pin Credit Cards Lower Fraud by 700%

It will take at least 5 years for Chip and PIN (or EMV) transactions to make up the majority of retail card processing in the U.S.

  • Most large retailers are likely to implement Chip and PIN technology over the next two years
  • Other technologies, like mobile or electronic wallets (e.g. Apple Pay), could become the preferred payment method over Chip and PIN card technology due to their ease and advanced security.
  • Although Phase 1 (Chip and Signature) will prevent credit card fraud by making credit cards harder to clone, it WILL NOT make them harder to use if they get into the wrong hands. Therefore, continuing to closely monitor our accounts and personal information will help you avoid becoming a victim of fraud.
  • Phase 2 (Chip and PIN) WILL make credit cards harder for thieves to use, which is even more reason to support the transition to the new technology.

 

John Sileo is an an award-winning author and keynote speaker on keeping your organization from becoming the next data breach headline. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

How do I Get Businesses to Ask For Photo ID?

You’ve probably heard that instead of signing the back of your credit card, you can protect yourself by putting the words “Photo ID required” or “See photo ID”.  So we went out to test this method to see if it actually gets people to do that.  I presented my card at various shops (sporting goods stores, frozen yogurt stands, fast food joints…) and filmed the transactions.  In this small sampling, I found five who did not ask for my ID and six that did.

I wonder if you can guess what the difference is between the people who didn’t ask for my ID and the ones who did.  The answer?  I had written “Photo ID Req’d.” on the FRONT of my card (in several places, in fact) in the cases where it was requested and only on the back where it was not.

When you ask for privacy—when you ask for it loudly—people start to pay attention.  Not only do they pay attention, but they start to ask you why you do that and you get to educate them!

Remember also that you can’t just put “Photo ID Req’d” on the signature line.  You need to SIGN YOUR CARD or it means you’ve never completed your contract with your credit card company and they can hold you liable for everything spent on that card once you’ve activated it.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Entire Town in Colorado Has Identity Stolen

In a town with a population of about 3,000 people it seems that almost all the citizens of Bennett, Colorado have had their identity stolen. The scheme was simple and it was easy to fall victim. Identity thieves apparently used skimmers to extract credit and debit card numbers from individuals. Skimmer scams can happen when the criminal installs a “skimming” device over the card slot of an ATM, debit or credit card reader. The skimmer then reads the magnetic strip as the user unknowingly passes their card through it.

In the case of Bennett, Colorado it is believed that this was done at a local King Soopers gas pump. The skimmer is gone now and authorities are on the hunt for the thief.  King Soopers has denied that any of the fraudulent activity happened at their gas pumps and authorities have also said that they knew this was a crime spree for the past few weeks. In the meantime, many of the victims who used debit cards are without those funds because its the same as using cash. The average amount stolen was around $700 and more people are coming forward every day.

There are many ways you can make sure that you don’t become a skimmer victim.

  • Make sure that you always use a credit card instead of a debit card. Credit card companies are better prepared to handle fraudulent charges and it does not directly affect your ash flow. If you use a debit card, you are losing that cash immediately and have to prove your innocence to get it back.
  • Always examine the credit card machine or ATM where you are sliding your card very carefully. Usually you can tell if it looks funny or has an extra attachment . If you are at all suspicious, don’t use it. Go inside of you bank to withdraw funds until you are comfortable that the ATM is safe, or pay inside of the gas station rather than at the pump.
  • Don’t use your debit card at restaurants, as this is another prime place for theft. Instead, use your credit card and set up credit card account alerts that text or email you immediately when you make a purchase. If’ it’s a fraudulent charge, you will catch it very quickly.
  • Use Cash. This is the simplest way to protect yourself form this type of fraud.

John Sileo speaks professionally on identity theft. His clients include the Department of Defense, Homeland Security and many municipalities that have successfully avoided the types of thefts in Bennett, Colorado by educating their citizens.

Secrets of a Former Credit Card Thief

, ,

We’ve all heard the standard tips about preventing identity theft and credit card fraud. But what would a real identity thief tell you if he had the chance? A recent interview with creditcards.com talks to a thief one on one and reveals the secrets behind credit card theft.

Dan DeFelippi, who is 29 years old,  was convicted of credit card fraud and ID theft in 2004. He tells consumers that: You can never be too careful.

DeFelippi, Learned at an early age how to create fake Id’s and he said it went down hill from there. He mostly made fake credit cards with real credit card information he bought online. He would then make fake Id’s to go with them and purchase big ticket items at Best Buy or Circuit City. He would turn around and sell them on Ebay for cash. DeFelippi says committing credit card fraud is still “ridiculously easy to do,” he says. “Anyone with a computer and $100 could start making money tomorrow.”

CreditCards.com: How did you get started?

Dan DeFilippi: When I was in middle school and high school, I was into what I would call innocent hacking. I wasn’t trying to be malicious or make money. I was just interested to see what I could do. In college, I started selling fake IDs to make a little extra money. I was pretty active in online chat rooms where people would talk about this stuff, and I began to realize there was a whole world of credit card fraud where I could make a lot of money with very little effort. From there, it was just a huge downward spiral.

CreditCards.com: You said you bought credit card data online. Tell me about that.

DeFilippi: Every credit card has magnetic stripe on the back with data on it. There are people out there who hack into computers where that data is being stored. There are also people like waitresses and waiters with handheld skimmers who steal the data that way. Then they sell the data online. I’d pay $10 to $50 for the information from one card. Then I’d use an encoder to put that data on a fake card, go into a store and purchase stuff.

CreditCards.com: Do identity thieves like some credit cards better than others?

DeFilippi: Well, a lot of American Express cards have no set limit, so you’d be able to buy a lot more. However, the downside is that a lot of merchants require more security for American Express than for other cards. They may ask you to enter the four-digit code on the front of the card or your ZIP code. That information usually isn’t in the magnetic stripe information. So if a card is skimmed, if someone has its magnetic stripe information, they would still need the number on the front or your ZIP code to commit fraud.

Click Here to Continue Reading.

John Sileo is the award-winning author of the identity theft prevention book Privacy Means Profit and speaks on information control, identity theft prevention and data breach avoidance. His clients include the Department of Defense, Pfizer and the FDIC. To learn more, contact him directly on 800.258.8076.

Electronic Pickpocket Video – Identity Theft Expert

,

There is a new wave of Hi-Tech Identity Theft that the average person has no idea is possible. Identity Thieves are able to steal your credit card information without even touching your wallet.

RFID, or radio-frequency identity technology was introduced to make paying for items faster and easier. What many probably didn’t expect is that the same technology can be used by thieves to get your payment information just as easily. All major credit cards that have this technology have a symbol (pictured to the right). It means that your card can communicate via electromagnetic waves to exchange data (your credit card number) between a terminal and an electronic tag attached to an object, for the purpose of identification. With a quick scan of the card, the same way you would scan it to pay for items,  all of your payment information is directed towards a source or identity thief’s computer in this case.

With a laptop and an antenna, it’s possible that a virtual pickpocket can steal credit card information, without ever touching their victim.  All that is needed is a credit card reader that you can purchase online and a laptop computer. With a simple scan the crook can lift your credit card number, expiration date, and in some cases your name. Since 2006 all U.S. passports also have RFID technology so identity thieves are able to scan those just as easily and pick up more personal information in order to rip you off. These passports contain specific contact information as well as date of birth.

The statistics on this type of theft are not available because the detection rate is low and it is so new. There would be no way right now to prove that this method was used over other similar methods that steal your card information. There are a few ways you can protect yourself.

First, set up account alerts and monitor your statements. That way if your credit card is compromised you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card. Second there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies make products that create an RFID shield by blocking the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.

Before you finish this article, pull out all of your cards to see if they have the sonar symbol above. Even one of these puts you at risk.

John Sileo is the award-winning author of Stolen Lives and Privacy Means Profit (Wiley, August 2010), a professional Financial Speaker and America’s leading identity theft expert. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Airlines Facing New Cyberfraud

Any airline, or any company, for that matter, that hasn’t upgraded their fraud-protection system in the last couple of years is an open book of credit cards and financial information to hackers and thieves. Credit card abuse, where a thief enters a stolen card number on a web site, is the primary source of online fraud. A new type of online fraud specifically targets airlines – a thief hacks into a frequent flier account (which we generally protect with weak passwords) and books a ticket for an unsuspecting second victim (you and your miles being the first), who pays cash for the ticket resold to them by the thief. When you catch on, you go after the victim, not the thief, who is long gone.

Although the internet is very convenient for travelers to book flights, it is very susceptible to fraud. These types of cyber fraud cases can cost the airlines millions of dollars a year. According to a UK survey taken in 2009, 48% of US and global airline carriers had a rise in online fraud in the past year. The average airline is losing $3 million dollars a year from fraud with $1 million coming directly from credit card fraud. Some predict losses to be much greater.  CyberSource, an electronic payment security-management company, released an airline industry poll last year and estimated total losses at $1.4 billion in 2008.

Many Ask, What are Arline Carriers doing to protect themselves and their customers from cyber fraud?

Some are increasing staff dedicated to monitoring online purchases for theft. Many are implementing new technology and tougher credit card rules that will detect fraud faster.  While larger carriers have the capital to implement these precautions, some smaller carriers lack the financial ability to make such immediate changes and find themselves becoming a growing target for cyber fraud.

As individuals, there are steps you can take to protect yourself, your credit card and your frequent flier miles form online fraud. First, implement strong passwords on your online airline accounts and never carry your frequent flier card with you in case you lose your wallet.  Second, sign up for payment alerts from your credit card company so you are notified anytime there is a charge on your card. If transaction alerts are part of your frequent flyer program, sigh up for those as well. Finally, keep a close eye on your airline mileage statements and bank statements. All of these will give you the ability to detect fraud early and hopefully prevent it from happening at all.

John Sileo speaks professionally about social media exposure, identity theft and cyber crime for the Department of Defense, Fortune 1000 companies and any organization that wants to protect the profitability of their private information. Contact him directly on 800.258.8076 or visit his speaker’s website at www.ThinkLikeASpy.com.

Identity Theft Scam Stole Millions – Pennies at a Time

The FTC just busted a long-running internet scam where offshore thieves set up virtual companies and stole millions of dollars from US consumers  one small charge at a time.

“It was a very patient scam,” said Steve Wernikoff, a staff attorney with the FTC who is prosecuting the case. According to him, the scammers found loopholes in the credit card processing system that allowed them to set up fake U.S. companies that then ran more than a million phony credit card transactions through legitimate credit card processing companies.

The fraudsters were able to fly under the radar for so long because they only charged consumers between $ .25 and $9 and set up over 100 fake companies to pull off these transactions. In this specific case they charged over 1.35 million credit cards a total of $9.5 million dollars – those nickles and dimes really add up! Shockingly, 94% of these charges went undetected by the credit card holder because they didn’t notice an unusual charge on their credit card statements and fraud detection agencies rarely detect anything under $10.

With more and more credit cards being accepted for smaller purchases (e.g., soda machines and parking meters) thieves have taken this opportunity to cash in on the frequency of these charges. While 6% of the charges were detected and reported, the huge number that didn’t even realize they had an unauthorized charge shows how lax we are about checking our statements. Here are some simple steps you can take to catch fraud early:

  • Set up automatic account alerts to monitor your daily credit card purchases. That way, anytime money is spent on the card, you receive an email or SMS text to your phone alerting you to the charge. If you didn’t use your credit card, you immediately know it’s a fraud and you can call and shut down your card.
  • A more basic step is to simply monitor your bank accounts and credit card statements closely. Rather than trusting that all charges are accurate you should make sure you know exactly when the charge was made, for what, and by whom.
  • If you aren’t sure about a charge, call the bank and ask them to confirm it is a legitimate charge.
  • Sign up for an identity monitoring service that can help with this. Although these victims only lost a few dollars here and there those small charges can add up – to the scammers it added up to $9.5 million!

Read more about how this scam was able to become so profitable to the thieves.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer, the FTC and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Fraud Report: SMiShing Identity Theft

smishing-text-messages-fraud

Identity Theft Expert John Sileo’s Latest Fraud Report

Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.

According to Wikipedia, SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, like it is in phishing schemes. However, it has become more common to received a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:

Notice – this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.

In many cases, the SMiShing message will show that it came from “5000” instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.

Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent website was used within 30 minutes…halfway around the world.

To minimize your risk:

  • Approach all text messages asking for your personal information with a great deal of skepticism (Hogwash, to those in the know).
  • Understand that no bank, business or financial institution will EVER ask you to divulge or confirm your personal banking information over email or SMS text message.
  • If you have any question at all that the text is legitimate, contact your bank or financial institution directly using a published phone number (on the back of your card, for example).

John Sileo became America’s Top Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about bringing John to your next meeting or event, contact him directly on 800.258.8076.