Posts

I Left My Credit Card @ The Restaurant, Now What?! – Privacy Project Episode #8

, ,

So I’m out to dinner with a professional speaker whose name I’ll drop so that you’ll be impressed. Larry Winget. Larry is the Pitbull of Personal Development and he’ll probably kill me for not putting a trademark after that title, because he owns it. If you have somebody in your life (kid, employee, boss) that doesn’t take responsibility for the life they lead and the work they’re supposed to do, Larry’s your man. Google his name and find out, or go to LarryWinget.com.

But back to my story. I treated Larry to dinner in Phoenix because I owe him a thousand meals for the coaching he gives me and we’re leaving the table when his wife (who is much nicer than Larry) asks if I’ve taken my credit card out of the folder. Nope. God I hate when that happens! Small oversight for someone who lives and breathes security and privacy. I left my card in the folder, on the table and was fully prepared to leave the restaurant!

Anyway, this brings up a good point. Now matter how much you know, no matter how hard you work at protecting your identity,sometimes you will slip up and be your own worst enemy. There are just simply times when identity is out of our control. But you don’t have to stress about it. A quick response solves a lost credit card without much pain. Take a look at the video for steps on what to do if you lose or misplace your card.

How to Opt Out of Junk Mail to Protect Identity


There are complete industries built around collecting, massaging and selling your data – your name, phone number, address, spending patterns, surfing habits, net worth, the age of your children, the magazines you buy, etc. Companies buy bits of your privacy so that they can knowledgeably market products to you that you are likely to purchase. The problem is, that data, once collected, is often breached by hackers who want to know more about you.

To minimize the amount of your personal information bought and sold on the data market, begin “opting out”.  Opting out is the process of notifying organizations that collect your personal information to stop sharing it with other organizations. “Pre-approved” credit card offers (i.e., financial junk mail) are a major source of identity theft. Those mailers give thieves an easy way to set up credit card accounts in your name without your consent. They spend money on the card and default on the balance, leaving you with the mess of proving that you didn’t make the purchases. The solution is to opt out of receiving pre-approved credit, home loan and insurance offers as well as mass marketing databases.

Pre-approved credit offers (also called pre-screened or pre-qualified credit offers) are possible because credit reporting bureaus (Experian, Equifax and Trans Union – companies that collect and sell financial data on nearly every American) make a great deal of money selling your identity (i.e., name, address, phone number, age, credit score) to credit card, loan and insurance companies.  But it is your right to stop the sale of your information.

Fortunately, there are ways for you to “opt-out” of widespread information sharing (see the list of more than 120 ways below).

The Top 4 Opt-Out Opportunities:
  1. www.OptOutPreScreen.com. Remove yourself from the marketing lists sold by the three major credit reporting bureaus, Equifax, Experian and TransUnion. There is not cost for this list.
  2. www.DMAchoice.org. This puts you on a Do Not Mail list for the Direct Marketing Association. This is a free service online ( $1 by mail) and allows you to remove yourself from receiving previously unsolicited catalogs, magazines, “other” mail offers, and provides a link back to OptOutPreScreen for credit offers.
  3. White Pages. That’s right, your old-fashioned printed phone directory is the source for most of the online contact info databases. To remove your directory listing you have to contact your local phone company .
  4. www.Spokeo.com. To opt out, read this blog post about [intlink id=”1752″ type=”post”]removing your info from Spokeo[/intlink]. This is one of the more utilized sites by identity thieves, stalkers and scammers.

There is a slower and more tedious process of opting out of online directories (i.e., you have to visit every one. Some (Spokeo.com)  are more important than others (Whitepages.com) because of the information that they collect. Sites such as Spokeo.com can have as much information as your physical address and pictures of your home, while others may just house your phone number. These sites spend hours upon hours scouring public records such as marriage licenses, birth certificates, and real estate purchases for this type of information.

Since most online directories typically offer a way to opt out of their listings you would think they would make it easy. Not so. They tend to hide this option deep within the site, as they don’t actually want you to leave. Luckily, The Privacy Rights Clearing House has done most of the legwork in their Comprehensive Opt Out List. I suggest starting with a few main sites, 123people.com, spokeo.com, etc. and continuously adding to it over time. Opt out of one a week if you like, and eventually your data will be less exposed. Protecting your privacy and identity is a layering process. It is easy for people to get overwhelmed, especially when it comes to online directories.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

U.S. is Dumb About Smart Cards

, ,

The typical US consumer still swipes their card, credit or debit, with those same old black magnetic stripes. And, we hold our breath and hope they work, and don’t lead to erroneous (fraudulent) charges we have to defend. The rest of the world has switched to Smart cards, according to Peter Svensson, The Associated Press, in The Denver Post. “The problem with that black magnetic stripe on the back of your card is that it’s about as secure as writing your account information on a post-card”.

Svensson comments “Smart-cards (chip-based cards) can’t be copied, which greatly reduces the potential for fraud. Smart cards with built-in chips are the equivalent of a safe:  They can hide information so it can be unlocked only with the right key”.

This begs the question, why is the US lagging in this technology? How do we re-vamp our system to promote smart-card transactions? Some experts maintain that it is a lack of demand by everyone from consumers and issuing banks to retail establishments. In essence, we don’t want the added security. This, of course, is just a smoke screen to obscure the underlying issue: no one wants to pay for it. Consumer don’t feel like they should pay for the technology (through higher card fees) even if it makes them safer (Haven’t we always been pretty safe?). Banks don’t want to pay to issue higher-cost cards with chip technology (they probably think it is cheaper to weather the costs of fraud – it is not). And retailers don’t want the added expense of new, more sophisticated equipment.

For the sake of a short term buck, all three groups are willing to sacrifice long-term safety, viability and profits. Does anyone else out there feel like America can be embarrassingly short sighted at times?

Smart cards are recognizable by the fingernail-size gold contacts embedded on one side of the plastic. In Europe, rather than turning your card over to a waiter, the waiter presents a wireless payment terminal, has you swipe your card and enter your PIN without ever losing sight of the transaction. The window for fraud drops nearly to zero since you are actively involved in the transaction.

What can you do to help? Let your financial institution know that you value the security of smart-card technology. According to Richard Sullivan, senior economist at the Federal Reserve Bank of Kansas City, in 2006, 9 cents out of every $100 paid by card in the US ended up in the pockets of criminals (and not on the bottom line of the credit card company or retailer). The comparable figure for Spain was 2 cents. Let your bank know that they can save approximately 7% of every dollar they earn (a high ROI for a bank) by catching up with the times.

__________________________________________

John Sileo is America’s leading financial keynote speaker on identity theft and non-technical data security (the human element). His clients include the Department of Defense, Pfizer, Homeland Security and the Federal Reserve Bank. Contact him directly on 800.258.8076 and reference smart cards for more information.

U.S. Lags Europe on Credit Card Security

, ,

We can be as patriotic as we want to be, but today, the US lags behind other countries in credit card technology and consumer safety. Our current-day magnetic-strip technology is archaic compared to the chip-embedded cards of our European counterparts.  Though some larger US retailers are offering support of the “smart-chip” cards, a mandate for their use (and greater protection for the consumer) is down the road. (Click here for the original story on NPR).

According to Andrea Rock, a senior editor at Consumer Reports who wrote an article about the security gap in the credit card industry (emphasis mine):

“The account information that’s needed to make a transaction on American cards is stored, unencrypted, on a magnetic stripe on the back of each card,”

And that means, until the industry changes, you are at risk. In the mean time, here are a few steps you can take to increase your security:

  • Limit use of your debit card. The bank offers you less protection on debit transactions than credit transactions. Additionally, with debit cards, there is a PIN involved, potentially providing immediate cash access to your accounts by clever thieves. If fraud occurs, you are out the money until it is resolved.
  • Use your credit card instead.  It’s safer.  Typically, credit card issuers offer zero-liability for losses associated with unauthorized transactions. You also have a longer time frame to catch and report the fraud.
  • Set up automatic account alerts so that you receive an email or SMS text anytime a transaction is made. That way, if someone is using your card illegally, you are notified and can shut it down immediately before it becomes a big problem.
  • Let your credit card provider know that in order to keep your business, they need to update to the latest security technologies.

John Sileo is the award-winning author of Privacy Means Profit, The Smartphone Survival Guide and The Facebook Safety Survival Guide. Learn more at www.ThinkLikeASpy.com.

Sileo Deflates ePickPocketing Hype on Fox & Friends

, ,

John appeared on Fox & Friends this morning to set the facts straight about the real and perceived risks posed by Electronic PickPocketing.

It is true that Identity Thieves are able to steal your credit card information without even touching your wallet. The technology exists, is readily available and can be assembled for under $1,000. But that doesn’t necessarily make it an efficient means of stealing credit card numbers.

RFID, or radio-frequency identity technology was introduced to make paying for items faster and easier.  All major credit cards that have this technology have a symbol (pictured below). It means that your card can communicate via electromagnetic waves to exchange data (your credit card number) between a terminal and a chip installed inside of your card (or passport). Thus, by getting within a few inches of your credit card, a thief is able to obtain your credit card number, expiration date and maybe your name.

So we have established that stealing credit card numbers this way is possible, but is it feasible?

The Electronic Pickpocketing video circulating around YouTube makes it look that way. But the reality is a bit different. First, take into account that the news story in the video was focused around a gentleman and a company that makes money by raising your fear about this type of theft. The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take the context of the story into consideration before buying the hype.

The reality is that electronic pickpocketing is extremely time and resource intensive. Most thieves are smart enough to know that they are better served hacking into a database with hundreds of thousands of records rather than collecting them one at a time.

Here are just a few reasons why this threat, though real, is overblown:

  • While the RFID scanner itself can be purchased for under $100, you also need $500-$1,000 worth of additional equipment (laptop, blue tooth transmitter, cables, power supply, etc.) to make it a practical, mobile kit.
  • Once the thief has the kit, they need to get within 2-3 inches of your purse or wallet for 3-5 seconds on as many victims as possible without getting caught. This might be easy on a subway, but it gets much more difficult as people spread out.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses, the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out of pocket will be minimal.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster that you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy-to-scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo speaks professionally on identity theft, data breach, social networking exposure and fraud. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include Fox and Friends. Learn more about having him deliver a high-content keynote speech at your next meeting or conference. Contact him on 800.258.8076.

Electronic Pickpocketing Hype Banks on Your Fear!

, ,

Electronic Pickpocketing is Possible, but Over-Hyped.

There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.

And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.

The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:

  • The person being interviewed in the video benefits from your fear of electronic pickpocketing.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses, the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out of pocket will be minimal.
  • Most cards only transmit 2-3 inches, which means that someone has to get a laptop-sized bag within two inches of your purse or wallet. This isn’t impossible, but it takes a fair amount of time and skill (notice how the news report doesn’t show them doing it without asking the people first). In most cases, this amount of work is too time intensive for the identity thief – it’s more lucrative to hack into a system that contains hundreds of thousands of credit card numbers (and other information) all in one place.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster that you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
  • If you want to get technical, which you probably don’t, credit card theft isn’t actually identity theft. They don’t have access to the personal items they need to actually steal your identity.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Second there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies, like Checks Unlimited make RFID wallets & products that shield the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy to scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.  Checks Unlimited offers a wide variety of these types of RFID blocking sleeves & cases.”

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Electronic Pickpocket Video – Identity Theft Expert

,

There is a new wave of Hi-Tech Identity Theft that the average person has no idea is possible. Identity Thieves are able to steal your credit card information without even touching your wallet.

RFID, or radio-frequency identity technology was introduced to make paying for items faster and easier. What many probably didn’t expect is that the same technology can be used by thieves to get your payment information just as easily. All major credit cards that have this technology have a symbol (pictured to the right). It means that your card can communicate via electromagnetic waves to exchange data (your credit card number) between a terminal and an electronic tag attached to an object, for the purpose of identification. With a quick scan of the card, the same way you would scan it to pay for items,  all of your payment information is directed towards a source or identity thief’s computer in this case.

With a laptop and an antenna, it’s possible that a virtual pickpocket can steal credit card information, without ever touching their victim.  All that is needed is a credit card reader that you can purchase online and a laptop computer. With a simple scan the crook can lift your credit card number, expiration date, and in some cases your name. Since 2006 all U.S. passports also have RFID technology so identity thieves are able to scan those just as easily and pick up more personal information in order to rip you off. These passports contain specific contact information as well as date of birth.

The statistics on this type of theft are not available because the detection rate is low and it is so new. There would be no way right now to prove that this method was used over other similar methods that steal your card information. There are a few ways you can protect yourself.

First, set up account alerts and monitor your statements. That way if your credit card is compromised you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card. Second there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies make products that create an RFID shield by blocking the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.

Before you finish this article, pull out all of your cards to see if they have the sonar symbol above. Even one of these puts you at risk.

John Sileo is the award-winning author of Stolen Lives and Privacy Means Profit (Wiley, August 2010), a professional Financial Speaker and America’s leading identity theft expert. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Operation Get Rich or Die Tryin' Still Lives

albert-gonzalez

Albert "Segvec" Gonzalez

Operation Get Rich or Die Tryin is the name that Albert Gonzalez gave to his scheme of stealing more than 130 million credit and debit card numbers from you and me. Today, Gonzalez, along with two unnamed Russian conspirators, was indicted in the state of New Jersey. Gonzalez, known by his alias of Segvec, was part of a cyber-crime ring that hacked into the computer systems of at least five major companies, including Heartland Payment Systems, 7-Eleven, TJMAXX, Hannaford Bros. Super Markets and Dave & Busters.

This is likely the largest case of identity theft ever prosecuted, comprising more that 130 million card numbers

Tactics: Gonzalez and his conspirators reviewed Fortune 500 Companies, performed reconnaissance on their retail stores, determined weaknesses in their payment systems and then utilized malware (malicious software) to intercept credit card numbers, expiration dates and names as they were transmitted from company to company

The crimes occurred between 2006-2008

In the strangest twist, it turns out that Albert Gonzalez was an informant for the Secret Service… on a card theft case. He took part in an undercover operation dubbed “Operation Firewall” that netted the arrest of 28 criminals (excluding himself) in 2004. After the operation was completed, Gonzalez took on the nick (nickname) of Segvec, moved to Miami, and took up his criminal ways once again.

Lesson #1: IDENTITY THEFT IS TOO EASY and too profitable to give up. Lesson #2: The Secret Service just got socially engineered! They allowed an enemy inside the gates and gave him intimate knowledge of an operation that taught him how to up the stakes and go undetected for years.

His Russian counterparts will likely never be caught or prosecuted, and will make use of everything they have learned from the latest indictments. Somewhere in the case, there is a weakness they will exploit. Operation Get Rich or Die Tryin isn’t exactly dead.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To further bulletproof yourself and your business, learn more about John Sileo.