
Beware Disaster Scams in the Wake of Hurricane Harvey

Identity thieves prey on those who are most vulnerable. You may be in the process of cleaning up your lives, but predators running disaster scams may want to clean up on you by stealing your valuable private information.

As we learned from Hurricane Katrina and Superstorm Sandy, one of the most despicable side effects of a natural disaster is the massive increase in reported cases of identity theft in the affected areas. Thieves take advantage of those who are vulnerable, and those who have suffered flooding, wind damage and the effects of the storm are more vulnerable than ever. Imagine how devastating it would be to apply for a line of credit to help your family recover from the storm only to find out that your entire net worth now belongs to a thief.

Here are some of the highest priority actions for victims of Hurricane Harvey to take once they have taken care of their immediate safety needs.

Secure your personal information immediately.  Clean-up crews will be heading to the area. MOST are good-hearted volunteers, but some are coming with the intent of looking for physical clues to help them steal identities.  In your distress, you may not even know what to think of.  Be sure you’ve accounted for:

  • Social Security cards, statements or related documents
  • Birth certificates, passports and driver’s licenses
  • Wallets, purses, checkbooks and boxes of extra checks
  • All financial records, including bank, brokerage, mortgage, credit card, and insurance
  • All digital devices containing sensitive information, including laptops, computers, smartphones, iPads, etc.

Beware of people offering “help” falsely using recognized names like FEMA or Red Cross.  Organizations like this will never contact you; the only time they ask for money or any personal information is after you have contacted them.  The key here is to be skeptical if anyone is asking for your personal information, even as part of emergency relief. Ask enough questions that you can verify who they are, their intentions and their credibility. Do not just give away information in exchange for a promise (e.g., “This is how you will get a reimbursement from the government”). Make sure they are who they say they are.

As a side note, for those of you who are not disaster victims but want to help, the same rule applies: you should contact the agencies.  Don’t fall for phone solicitations or pleas via email that may lead you to fraudulent websites. One key to look for is the “.org” that most non-profits use, rather than “.com”, in the address.

Beware of fly-by-night contractors offering cheap or quick repairs.  To protect yourself, check on the business.  Make sure they have a permanent business address, carry insurance, and have been in operation for more than a year.  Very importantly, get a written contract before you give out any money!

Place a Fraud Alert on Your Credit File. Immediately place a Fraud Alert with all three credit-reporting bureaus (listed below). This is only a temporary solution, but a necessary step. Once the water has receded, consider freezing your credit.

Order & Monitor Your Credit History. By law, you are entitled to one free report from each agency once a year. The easiest way to get a report is to visit AnnualCreditReport.com or call 1-877-322-8228. You can also request your first report when you are placing a Fraud Alert on your account in Step 1, above. Review your credit report for signs of theft or fraud. If you discover irregularities (accounts you never opened, loans that aren’t yours, credit cards you don’t recognize), contact the credit bureau immediately to report fraud, as well as the company listed in the credit report.

Monitor Your Statements Online. Half of the battle in minimizing identity theft is catching it quickly after it happens. Online bank, credit card and brokerage statements will allow those with Internet access to monitor and detect suspicious transactions on a daily basis. If you have access to the Internet, check your bank, credit card and investment statements to make sure that you recognize every transaction.

Resist the temptation to click on photos from questionable sites.  We are a society that thrives on sensationalized images.  However, some of those dramatic photos we want to know more about are infected with malware.  Stick to legitimate news sites and be especially wary of links on social media sites.

Remember to make safety a priority in every area of your life as you work your way through this trying time.  Our hearts are with you.

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Is CHIP & PIN Credit Card Security Worth $100M? (Are You Serious?)


I’ve had dozens of media requests for interviews and countless more email inquiries from people concerned about the Target data breach.  At first, everyone just wanted to know details of how it happened, how big the breach was, and what they should do about it if their credit cards were at risk.  Now that the initial shock of it is over, we are on to a bigger question:

How do we keep breach from negatively affecting so many Americans? 

Breach will always happen. If it’s digital, it’s hackable. It’s coming to light that the Target breach may have been due to the computer access an HVAC WORKER (no, not an entire company, an individual WORKER) had to Target’s systems. While there is no guaranteed way of preventing fraud, there is a pretty reliable answer out there, and it’s been around for decades.  That answer is for the US to finally catch up to more than 80 countries around the world and start using chip and PIN enabled credit cards, also known as EMV, smart cards, or microchip cards.

Placing microchips in credit cards makes them much harder for criminals to clone than cards that rely on relatively easy-to-crack magnetic stripes.  Chip cards take the cardholder information and turn it into a unique code for each transaction. They also often require additional authentication, such as a personal identification number, or PIN. So in the case of the Target breach, the stolen data couldn’t be used to easily create duplicate credit cards, drastically reducing the value of the stolen data. The possibility for online abuse of the numbers (known as Card Not Present transactions) would remain a threat from the breach, but it would be a fraction of the problem (and solvable in other ways).
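Added illustration, not code from the original post: a simplified model of the "unique code for each transaction" idea, next to a static magnetic-stripe check. HMAC-SHA256 over a transaction counter stands in for the real EMV cryptogram, and the class names, test card number, and keys are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a test card number, not a real account.
PAN = "4000000000000002"


def static_stripe_check(issuer_record: dict, presented: dict) -> bool:
    """Magnetic stripe: the values never change, so an exact copy passes."""
    return presented == issuer_record


def _message(pan: str, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    """Bytes covered by the per-transaction code."""
    return f"{pan}|{atc}|{amount_cents}|".encode() + nonce


class ChipCard:
    """Hypothetical chip: the key stays inside, only the code comes out."""

    def __init__(self, pan: str, key: bytes):
        self.pan = pan
        self._key = key   # never sent to the terminal
        self._atc = 0     # transaction counter, increases on every use

    def sign(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        self._atc += 1
        msg = _message(self.pan, self._atc, amount_cents, terminal_nonce)
        code = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        return {"pan": self.pan, "atc": self._atc, "amount": amount_cents,
                "nonce": terminal_nonce, "cryptogram": code}


class Issuer:
    """Hypothetical issuer: shares the card key, remembers the last counter."""

    def __init__(self):
        self._keys = {}
        self._last_atc = {}

    def enroll(self, pan: str, key: bytes) -> None:
        self._keys[pan] = key
        self._last_atc[pan] = 0

    def authorize(self, txn: dict) -> str:
        key = self._keys.get(txn["pan"])
        if key is None:
            return "DECLINE: unknown card"
        msg = _message(txn["pan"], txn["atc"], txn["amount"], txn["nonce"])
        expected = hmac.new(key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "DECLINE: bad cryptogram"
        if txn["atc"] <= self._last_atc[txn["pan"]]:
            return "DECLINE: replayed counter"
        self._last_atc[txn["pan"]] = txn["atc"]
        return "APPROVE"


def demo() -> dict:
    issuer = Issuer()
    key = secrets.token_bytes(32)
    issuer.enroll(PAN, key)
    card = ChipCard(PAN, key)
    results = {}

    # Stripe data copied from a breached point-of-sale system is
    # indistinguishable from the original.
    stripe = {"pan": PAN, "expiry": "12/30", "cvv1": "123"}  # constructed
    results["stripe_copy_accepted"] = static_stripe_check(stripe, dict(stripe))

    # Genuine chip transaction.
    genuine = card.sign(2599, secrets.token_bytes(4))
    results["chip_genuine"] = issuer.authorize(genuine)

    # The same transaction record, as it would sit in a breached database,
    # presented a second time.
    results["chip_replay"] = issuer.authorize(dict(genuine))

    # The record altered to look like a new purchase, without the card key.
    altered = dict(genuine, atc=genuine["atc"] + 1, amount=99900)
    results["chip_altered"] = issuer.authorize(altered)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The card number alone still works wherever no cryptogram is required, which is the Card Not Present exposure the post mentions.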

France has been using this technology since 1982, the UK since 2001, and Canada since 2007. In the first five years after the UK started using chip & PIN, fraud went down 70%.  In that same time period, the cost for fraud in the US had DOUBLED. It’s not that the technology is perfect, it’s that the increased security convinces criminals to target those who don’t use the technology (which to this point has only been, well, the United States). 

If there is such a great guarantee on fraud reduction by switching to chip and PIN cards, why is the US resisting it?  The answer:  MONEY.  Banks, credit card companies, and retailers have been caught in a battle of wills for many years now, with retailers not wanting to spend money on installing new chip-friendly card readers unless banks are committed to spending money on issuing new cards.

The cost of implementing the card system can be staggering. Target is expected to spend around $100 million to install new chip card readers in an effort to protect against cyber theft.

So is it worth $100 million to implement chip and PIN technology?

Without question. And even Target thinks so, or at least it did ten years ago when it was at the forefront of implementing chip & PIN technology.  From 2001-2004 they spent $40 million to adopt chip-based credit-card technology and installed 37,000 new point-of-sale terminals to handle chip cards across its U.S. stores.

Ultimately they backed out because their marketing strategy at the time just didn’t catch on with consumers and because it was taking “A FEW SECONDS” longer per customer to get through the line.  I don’t know about you, but I’d wait an extra two seconds in order to know my data is secure.  And I bet Target victims would take back the time it is taking them to change their credit card information with every online site or monthly automatic payment company their now-compromised card was used for.

To put the cost in perspective, $100 million is about $1.00 per Target breach customer. I bet the average credit card holder would be willing to foot the $1 bill to dramatically reduce their risk (even if it’s not a perfect solution). In fact, the cost of fraud gets passed on to customers anyway (higher credit card rates, higher retail prices), so why not spend that same money (or far less, in fact) on securing the transactions in the first place? 

  • A survey of 936 credit unions indicates the Target breach has cost credit unions an average of about $5.10 per card affected by the security lapse.  The Credit Union National Association said these costs most likely do not include any fraud losses, which are likely to occur later.
  • In 2012, the Ponemon Institute’s annual study showed the average cost of a data breach in the US is $188 per person notified.
  • For credit issuers, the average cost per record breached is set at $280.
  • Aite Group reports that card fraud in the U.S. already costs the card payment industry (primarily issuers) $8.6 billion a year.

 You tell me if it’s worth it! (Seriously, I want your thoughts and comments below)

How do we get there?

It seems crystal clear to me that fraudsters have gotten so sophisticated that we either need to join together (retailers, banks, and credit card companies) or we will fail to stop this trend of Mega-Breaches.  Pardon the pun, but clearly we have put the “target” on our own backs; criminals have increasingly focused on the US because we are so far behind.

James Dimon, CEO of J.P. Morgan Chase sees this as an opportunity for real change.  He said,  “All of us have a common interest in being protected, so this might be a chance for retailers and banks to for once work together, as opposed to sue each other like we’ve been doing the last decade.”

I see 4 overarching steps that need to be taken:

  1. Retailers, credit card processors, banks, VISA, MasterCard and American Express need to stop focusing on their own self-interest (profit) and start to work together for the common good. Of course, they won’t do this without incentive, so…
  2. Congress should create  a U.S. equivalent of the U.K. Card Association that sets policy and has the authority to fine those stakeholders who fail to act.
  3. In other words, we will need legislation to ensure that the “liability shift” dates projected for 2015 are met.  This means that if credit card companies have issued chip and PIN cards, but retailers have not installed machines to read them, the merchants would be held accountable for any losses due to fraud.
  4. Everyone needs to understand that there will be costs associated with the change, just like there are costs when you install a security system, a lock on a door or a vault in a bank.

Will chip and PIN cost retailers? Yes. Will chip and PIN cost banks? Yes. Will it cost consumers? Yes. Will it cost (in total) as much as the fraud resulting from even a single major breach like Target? NO. It’s time to start thinking about security from a long-term perspective, and long-term profitability will follow.

John Sileo is an author and highly engaging speaker on internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on Rachael Ray, 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Cyber Security Expert John Sileo on Fox Money

Over 90% of Rachael Ray Show Audience Faces Identity Theft Risks

Recently, I was asked to do a segment for The Rachael Ray Show that demonstrated very visually how many audience members face immediate identity theft risks. Watching them move across the stage as we exposed two or three common sources of identity theft was remarkable. Once we had experienced the numbers, we ventured into the house of one of Rachael’s audience members to see how to mitigate the risk. Watch the video to see if you would have joined the “at risk” group, or read the transcript below:

Rachael: We had the audience stand back here because we all carry several items on any given day, EVERY given day, that put us at risk.  So John, you’re going to weed out our audience so we can all learn in how many areas we are seriously at risk if we have certain items on us, correct?

John: Perfect.

Rachael: Okay, how are we going to get them started?

John: The first one is your Social Security card. If you carry your Social Security card.

Rachael: If you have your actual Social Security card, I’d like you to cross the room and come to this side of the studio.  (Audience members cross.)  A few people–not many.  I don’t carry mine, either.

John: A few have got it.  A lot of us do it.

Rachael: To me, Social Security numbers- they ask for them everywhere. The bank, the doctor–everywhere.  I know the number.  I don’t carry the card, but it is like your signature.

John: It is.  It’s your net worth.  It’s your future buying power, so a thief with a Social Security number–they can buy a home as you.  That’s what happened in my case.  They purchased a home.  They go bankrupt as you.

Rachael: A house?

John: Yes, she bought a house.  It was a woman.

Rachael: Just like in the movie! That is amazing.  And a woman took your Social Security number and it didn’t even occur to anybody- it’s not a man named John?

John: I know and then went bankrupt-as me.

Rachael: Oh my God–I just want to feed you spaghetti!  Okay, I think we’re going to move a lot of people on this next item.  Tell them the next item.

John: Yes.  If you have a smartphone without a passcode on it.  So without the four digit code or some sort of a passcode.

Rachael: If you have an unprotected phone, move it.  (Many audience members move.)  I knew we’d get a lot of them on that one.  Okay, now explain why you’re even more at risk without a passcode, even though it’s fairly obvious.

John: You bet.  So the smart phone is part of who we are, right?  It’s become an extension of ourselves.  It’s literally part of our identity.

Rachael: Access to everything.

John: Let me give you an example of how easy it is.  The thief takes it off the table at a cafe, right?  They walk outside- no passcode on it.  So they quickly surf through your websites or your contacts.  They see where you bank.  Then they go, ON THAT PHONE, to the bank’s login page and they hit the “forgot my password” link…

Rachael: And it sends it to you!

John: And it emails it to the thief!

Rachael: AGGGHHH!

John: They’re right in your account.  Bam! It’s that easy.

Rachael: One more thing.  We’ve gotta move more people.  Give us one last item that puts us at risk that you think most, if not all, of these people have.

John: If you have a debit card or bank card. (Almost everyone else crosses room.)

Rachael: Now everybody has to have their bank card with them.  I carry mine, too.  Don’t you carry one?

John: I don’t.  I’m not saying you can’t carry a debit card or a bank card.  It’s how you carry it.  It’s that you’re smart with it.  Your debit card, your checkbook, connects directly to your bank account.

Rachael: (Looks at remaining audience members who didn’t move.)  We have about ten/twelve people left.  You guys don’t have any bank or debit cards on you?  Wow, That’s amazing!

John: It’s doable.  Use your credit card.  I realize it’s a great budgeting tool, but if you can get it out of your purse when you don’t need it…lock it up at home- just like you do your Social.

Rachael: Get cash once or twice a week.  Leave the card at home and carry credit cards that have protection.

John: Yes, you have much better protection liability-wise.  The money doesn’t come directly out of your  account when it’s stolen.

Rachael: It’s amazing.  I love the visual of watching the risk factor.

New segment 

Rachael: We wanted to take this a few steps further.  We didn’t have time to go to every single person’s home here, so we sent you to one of our viewer’s homes to find the places in our homes where we’re putting ourselves at even more risk, right?

John: Yes, at Lisa’s.

Rachael: So, he went to Lisa’s house.  We’re going to have these guys take a seat.  You check out what happened at Lisa’s and we’ll meet back here.

Video

(Shows family activities at Lisa’s house.)

Lisa:  I’m a wife and a mother of three and I just want to do everything I can to protect my family.  About a year and a half ago we were victims of identity theft.  You feel like your whole life has been stolen from you. At first when that identity theft happened, we were taking steps.  We put alerts on with credit reporting agencies, but I think I fell back into being more lax about it.

(John arrives at Lisa’s house.)

John:  So our plan of attack today with Lisa is to take her around the house and we’re just going to look at the different ways her data might be exposed.

(In her office)

We’ve got a file cabinet…a locking file cabinet that undoubtedly is …unlocked.   (It is. John looks through items) Birth certificates…

Lisa:  I try to hide it.

John: You try to hide it, yeah, but we all hide it in the same way.  What I really suggest is a locking fire safe.  You can buy these big, heavy safes that protect against water and fire, but they also allow you to store these documents in a really safe way.

(On to Kitchen)

Lisa:  My purse is over here.

John: Wow.  What is this, an organizer?  (Huge, overflowing wallet)  You keep your life in here, don’t you?  Let’s see what we’ve got.  Debit cards, multiple credit cards…I would get in the habit of thinking, “Okay, I’m going out to do this shopping.  What cards do I need?”  Take the cards that you use most often and get in the habit of leaving the rest at home.  On a credit card or debit card, one thing that I recommend is that you simply write Photo ID Required on it.  It lets the retailers know, “Hey, my identity matters.  Ask for it.”  It makes it harder for someone to shop and impersonate you. (Continues to look through wallet) Cash-we don’t worry too much about that.  It’s really the data that we’re looking at. And a lot of times the thieves will take the cash, they’ll take photos of this (other cards/data), and they’ll put it all back.  They don’t want you to know they’ve taken it.

Lisa: I didn’t even think of that.

(They head outside to Lisa’s trash can.)

John: You have to be really mindful of what we leave outside of the door.  We put things in our trash that are incredibly valuable.  This is called dumpster diving.   (John looks through trash.) This looks good here.  Looks like a bank statement, we’ve got an insurance statement.  We’ve got a credit card statement.  It has your full account number on it-right there. Bonanza!  You also need to shred anything with any identity on it.

(Moves to mailbox- unlocked out on the street)

Do you mind if I go through your mail a bit?

Lisa: Not at all.

John: All right, so here’s a pre-approved credit card offer.  This makes it really easy for somebody to apply for a credit card in your name.  There’s an easy solution.  It’s called opting out.  You can opt out of financial junk mail so it’s never in your mailbox in the first place.

Lisa: I didn’t even know you could do it.

John: You should take this now and shred it.  Everything that you can shred, you shred.

(Moves to Lisa’s computer.)

John: I love talking to people about their computers because it is the jackpot in the house of all our financial information.  I was glad to see that you have a password to get in.  That way if somebody walks out with the box, it’s a little more protected.  Do you shop online at all?

Lisa: Yes, I do.  I shop online a lot.  I’ve been using my debit card a lot more lately.

John: Okay, shopping online- I’m totally good with.  Using your debit card is risky.  It’s connected to your bank account.  I recommend you use a credit card and, in fact, I think it’s smart to have a separate credit card you use online and a credit card you use out and about.  That way if something happens online, you can shut down the one card and you’ve kind of cordoned it off.

(Back to studio.  Rachael welcomes Lisa and introduces Privacy Means Profit.)

Rachael: The biggest thing that I got out of that segment that I want to do immediately when the show is over–putting the stickers on every single front of my credit card or debit card (that says) “Ask for Photo ID”.  You said everyone ignores it on the back, but everyone demands it on the front.

John: That’s exactly right.

Rachael: Everyone could buy “stickems” and that’s a really good one.  That’s so easy and fantastic.  So Lisa, that was enlightening. Thank you for letting us into your home.  What did that feel like from your side of it?  Did you feel like “Uh!” (slaps forehead) “I can’t believe I did that”?

Lisa:  I couldn’t believe everything I was doing wrong.  John gave me such great tips- just little things you can do to protect your identity.  It was scary because I thought I was being more diligent than I was.

John:  We all do.

Rachael: That’s the thing. It seems so obvious when he puts a highlighter pen over it.   Then we all say “I do that, I do that, too.”  I love that sticker thing though.  Isn’t that a great tip?

Lisa: Yes.  Actually  I started to implement that.  That was the first thing I did.

Rachael: (To John) So, who are identity thieves?  What are the most popular types of identity thieves?

John: It breaks down into three big categories.  The first is friendly fraud.  It’s the people that we know.  I see these every week.  It happens constantly.  It’s the college roommate who visits who has fallen on hard times so they sneak a check out of the middle of your checkbook.  The second is the local.  This is the person in your neighborhood who is a drug addict, a gambling addict, they need a little extra money and they’re willing to filter through your trash or your mail to get it.  The third, the fastest growing one, is organized crime.  These are international people who have huge resources to hack into very secure databases.  These are not poor databases.

Rachael: They’re really investing in their crime with top quality computer programmers.

John: Absolutely, that’s exactly what they do.

Rachael: So, tell us about medical identity theft.

John: It’s so quickly growing because health insurance is really expensive, right?  Here’s one we see a lot of right now.  They wear a pair of Google Glass glasses that record, or they have an iPhone.  They walk through the emergency room where people are totally stressed out and they’re filling out forms and they’re looking at them.

Rachael: That is so creepy!

John: And listen to this one: photocopiers.  You have your doctor photocopy stuff- that has a hard drive in it and when someone services it…

Rachael: You’re giving me hives!

John: So you photocopy it at home.

Rachael: So how do you protect yourself from it?

John: Number one-those benefits statements that we get? Review them, just like you would your credit card statement.  If something is wrong, you shut it down.  You call them immediately.

Rachael: Pay more attention.

John: Yes, pay more attention.

Rachael: And guard what you’re writing.

John: Yes, they can be snapping photos.  A lot of times what I’ll do is put it on a sticky note and I’ll take it off after.  It doesn’t stay on their records, but it stays in the system.  It’s  a little bit better protection.


Latest Tax Scams "Target" Data Breach Victims


It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014.  They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name.  Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.

KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each.  This data is being sold in hundreds of online “stores” advertised in cybercrime forums.  A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.

The twist this year is that telephone scams are being linked to the breaches as well.  There are many variations, but most involve criminals contacting a victim saying they are from the IRS and that money is owed.  They know the victim’s personal information such as Social Security numbers (from the stolen breach data), so it is very convincing.  They may demand payment be sent immediately, threatening anything from arrest to driver’s license revocation if non-compliant.

Then here’s the kicker, there is often a follow up call supposedly from the local police department or the state motor vehicle department (with realistic numbers on the caller ID using a “spoofing” technique) to scare the victim into action even more.  So far victims in nearly every state have fallen prey to this scheme to the cost of more than $1 million.

To read more about the characteristics of these scams and how to avoid them or get help if you think you’ve been a victim of this hoax, visit the IRS website.  In the meantime, remember what IRS Acting Commissioner Danny Werfel said in a press release: “Rest assured, we do not and will not ask for credit card numbers over the phone, nor request a pre-paid debit card or wire transfer.”

Also remember to guard well your personal information.  This tax scheme is just one example of how obtaining your personal information from one source makes it easier to socially engineer you in another way.  Be wary to be on the safe side!


Facebook knows what you said, EVEN IF YOU DELETE B4 POSTING!

Self-censorship on Facebook

Do you ever delete the words you type on Facebook before you hit post?

Have you ever started to type a status update that you thought was hilarious…until you realized your boss might not appreciate your 8th-grade humor? So what’d you do? You quickly hit the delete key and watched your comment disappear forever, right? Not exactly.

What if you are ready to make a snarky comment to Greg, the upperclass jerk who stole your high school girlfriend (and is about to get a divorce, ha ha), but decide to take the high road just before hitting the “post” button and instead, wish him well on his pending journey of love (despite the fact that it’s bound to fail)?

No harm done, right?  You never hit the post button, so no one ever saw it! Well, it turns out that’s not quite how it works in Facebook Land.

Sauvik Das, a Ph.D. student at Carnegie Mellon and summer software engineer intern at Facebook, and Adam Kramer, a Facebook data scientist, conducted a study of 5 million English-speaking Facebook users in which they studied aborted status updates, posts on other people’s timelines, and comments on others’ posts.  Specifically they looked at what they called “self-censored” texts, entries of more than five characters that were typed out, but not posted.

Now, let’s make it clear that the researchers did not reveal what the actual content of the posts they analyzed was – just how common it is for self-censorship to occur.  You see, Facebook stores information as you type, much like Gmail saves draft messages automatically as you type them.  In other words, it is definitely possible for Facebook to store information on what you typed, whether you post it or not!

Why wouldn’t they want to see what you deleted – it’s the most honest version of what you think (and then think better of sharing as you step back a bit).

So far Facebook has not used the information for their own benefit, but they are very interested in it nonetheless.  As Das and Kramer put it: “Last-minute self-censorship is of particular interest to SNSs [social networking services] as this filtering can be both helpful and hurtful. Users and their audience could fail to achieve potential social value from not sharing certain content, and the SNS loses value from the lack of content generation.”  In other words, Facebook could be making money off of what you aren’t posting through lost advertising opportunities.

The lesson is a good one – be mindful of what you type on any social networking site, as it will always be somewhat public, permanent and powerful, EVEN IF YOU DELETE IT BEFORE POSTING. 

John Sileo makes privacy and security sticky, so that it works. He is the CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security as well as media appearances on 60 Minutes, Anderson Cooper, Fox Business and The Rachael Ray Show. Contact him directly on 800.258.8076.

Biometrics are Like Passwords You Leave EVERYWHERE

Biometrics are like passwords, but worse.

Biometrics are like passwords that you leave everywhere (fingerprints, facial recognition, voice patterns), except that unlike passwords, you can’t change them when they’re lost or stolen. It’s easy to change your password, a bit harder to get a new retina. Like passwords, risk goes up as they are stored globally (in the cloud) versus locally (on a physical device).

In addition to the biometrics mentioned above that most of us have come to accept as commonplace, there are many other methods in use or under exploration:

  • hand geometry
  • vascular pattern recognition (analyzing vein patterns)
  • iris scans
  • DNA
  • signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.)
  • gait analysis
  • heartbeat signatures

At the 2014 Annual International Consumer Electronics Show, inventors displayed dozens of devices using biometrics, some of which will become just as commonplace as fingerprints in the near future, some of which will not catch on and be replaced by something even more amazing.  Some of the hot biometrics items this year:

  • Tablets that measure pupil dilation to determine whether you’re in the mood to watch a horror movie or a comedy.
  • Headbands, socks and bras that analyze brain waves, heart rates and sweat levels to help detect early signs of disease or gauge a wearer’s level of concentration.
  • Cars that recognize their owner’s voice to start engines and direct turns and stops, all hands-free.

(Do a search for “current biometric uses” if you want to be entertained for a while!)

Some less outlandish examples that are currently in place:

  • Barclays Bank in Britain utilizes a voice recognition system when customers call in.
  • Some A.T.M.s in Japan scan the vein pattern in a person’s palm before issuing money.
  • Walt Disney World in Orlando, Fla., uses biometric identification technology to prevent ticket fraud or illegitimate resale as well as to avoid the time-consuming process of photo ID check.
  • Biometric passports contain a microchip with all the biometric information of holders as well as a digital photograph.
  • Law enforcement agencies, from local police departments to national agencies (e.g., the FBI) and international organizations (including Europol and Interpol), use biometrics for the identification of suspects. Evidence from crime scenes, such as fingerprints or closed-circuit camera footage, is compared against the organization’s database in search of a match.
  • Child care centers are increasingly requiring parents to use biometric identification when entering the facility to pick up their child.
  • And, of course, the most popular example has to be the use of fingerprint sensors on the iPhone 5s to unlock the devices.  It will also increasingly be linked to mobile payment services.

So, the million-dollar question is: Are Biometrics a Better Way to Protect Your Personal Identification?

The answer is yes…and no.

  • Biometrics are hard to forge: it’s hard to put a false fingerprint on your finger, or make your iris look like someone else’s.

BUT…

some biometrics are easy to steal.  Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.  If a biometric identifier is stolen, it can be very difficult to restore.  It’s not as if someone can issue you a new thumbprint as easily as resetting a password or replacing a passport. Remember, even the most complex biometric is still stored as ones and zeros in a database (and is therefore eminently hackable).

  • A biometric identifier creates an extra level of security above and beyond a password

BUT…

if they are used across many different systems (medical records, starting your car, getting into your child’s day care center), it actually decreases your level of security.

  • Biometrics are unique to you

BUT…

they are not fool-proof.  Imagine the frustration of being barred by a fingerprint mismatch from access to your smartphone or bank account.  Anil K. Jain, a professor and expert in biometrics at Michigan State University  says (emphasis mine), “Consumers shouldn’t expect that biometric technologies will work flawlessly… There could and will be situations where a person may be rejected or confused with someone else and there may be occasions when the device doesn’t recognize people and won’t let them in.”

The scariest part of the biometrics trend is how and where the data is stored.  If it is device specific (i.e. your fingerprint data is only on your iPhone), it’s not so bad.  But if the information is stored on a central server and unauthorized parties gain access to it, that’s where the risk increases.  A 2010 report from the National Research Council concluded that such systems are “inherently fallible” because they identify people within certain degrees of certainty and because biological markers are relatively easy to copy.

I also feel compelled to mention the inherently intrusive nature of biometrics.  While it’s true that using facial-recognition software can help law enforcement agencies spot and track dangerous criminals, we must remember that the same technology can just as easily be misused to target those who protest against the government or participate in controversial groups.  Facebook already uses facial recognition software to determine whether photos that users upload to the site contain the images of their friends.  Retailers could use such systems to snoop on their customers’ shopping behavior (much like they do when we shop online already) so that they could later target specific ads and offers to those customers.

How long before we have truly entered into Tom Cruise’s Minority Report world where we are recognized everywhere we go?   “Hello Mr. Yakamoto and welcome back to the GAP…”

Identity Theft Expert John Sileo on The Rachael Ray Show

We wanted to share some good news! John will be appearing on CBS’s The Rachael Ray Show this Wednesday, January 29 to talk about the latest identity theft trends and threats. Watch a trailer of the show or find out when and where it airs in your area.

Rachael asked John to go into one of their audience members’ homes and pick it apart from a privacy standpoint. John took a look at everything, from items hidden under the mattress to filing cabinets, trash cans, computers, mobile devices and more. If you want to learn how to bulletproof your home and self against identity theft, tune in tomorrow morning to The Rachael Ray Show (CBS).

Identity Theft Speaker Shares Latest Statistics on Cost of ID Theft

I got my start as an identity theft speaker. I write and speak on the importance of being vigilant about protecting yourself from identity theft and online fraud from many angles: the stress of trying to reestablish your credibility, rebuilding relationships, regaining control of your personal information, perhaps even fighting to stay out of jail as I had to do. So while I’m an identity theft speaker, my motivation is always completely human. We as humans make flawed decisions about how we fail to prepare for things like identity theft. We as humans are the ones that make the difference in fighting this crime. As it turns out, our wealth is at risk.

According to the Bureau of Justice Statistics (BJS), there is one more important reason to be especially careful: financial implications.   In the latest National Crime Victimization Survey, identity theft cost Americans $10 billion more than all other property crimes.  To be exact, identity theft cost Americans $24.7 billion compared to just $14 billion for household burglary, motor vehicle theft, and property theft combined.  The $24.7 billion is made up of direct losses (money thieves got by misusing a victim’s personal or account information) and indirect losses (such as legal fees and bounced checks), with the majority coming from direct losses.

Now, you wouldn’t dream of going off for the night and leaving your front door wide open, or leaving your car keys in plain sight, but how many of us do the equivalent with our identities? Do you surf on free WiFi at your favorite café, while in the airport or at your hotel? Have you locked down your smartphone with a passcode, limited location tracking and turned on the built-in privacy and security settings? Have you ever customized the share settings in your favorite social network? Maybe not.

Here are some key points from the BJS report:

  • 85% of theft incidents involved the fraudulent use of existing accounts, rather than the use of somebody’s name to open a new account.
  • People whose names were used to open new accounts were more likely to experience financial hardship, emotional distress, and even problems with their relationships, than people whose existing accounts were manipulated.
  • Half of identity theft victims lost $100 or more.
  • Americans who were in households making $75,000 or more were more likely to experience identity theft than lower-income households.

Identity thieves have also begun targeting smartphone and social media users, knowing that user ignorance and the learning curve associated with using sites make it easy to hit the bull’s-eye.

In addition, the increase in occurrences of data breaches puts us even more at risk.   Javelin Strategy & Research found that someone who is a victim of an online data breach becomes 9.5 times more likely to have their identity stolen.

For solutions to these and many other identity theft and data breach problems, check out identity theft speaker John Sileo’s book, Privacy Means Profit: Prevent Identity Theft and Secure Your Bottom Line.

Target Data Breach Touches 40 Million In-Store Shoppers

If you are one of the 40 million customers who have used a credit or debit card at Target stores in the United States between November 27 and December 15, you’d better start checking your accounts for fraudulent activity.  Target confirmed that the data stored on the magnetic strip of cards (customer names, debit or credit card numbers, and card expiration dates) were taken, along with the three-digit security codes  (CVVs) often imprinted on the backs of cards.

The type of data stolen would allow thieves to create counterfeit credit cards and, if PIN numbers were intercepted, would also allow thieves to withdraw cash from ATM machines.  Only in-store purchases are at risk, so online shoppers need not worry.

Target spokeswoman Molly Snyder would not comment on how customers’ data were stored or encrypted prior to the attack, saying that would be part of the ongoing investigation.  Target immediately notified law enforcement authorities and financial institutions, and the issue is being investigated by the Secret Service and a third-party forensics firm.

This breach is one of the largest ever of American consumer data, nearly matching that of TJX (TJ Maxx and Marshalls stores), which experienced a data breach in 2007 that affected more than 45 million customers.  2013 has been a particularly bad year for breaches.  Overall, one in four Americans have been told that some personally identifiable information has been lost or compromised because of data breaches, according to a recent report from Experian, and the pace of attacks is expected to continue rising through 2014.

In a letter sent to Target customers, Target officials say those who have noticed irregular activity on their accounts should call the firm at 866-852-8680.  In addition, all Target shoppers should:

  1. Review your credit card activity online on a daily basis to monitor for suspicious activity.
  2. Set up automatic account alerts with your credit card provider to quickly detect any misuse of cards.
  3. Visit AnnualCreditReport.com to see if there are any newly established, fraudulent accounts set up.
  4. Cancel your credit card if you notice any suspicious behavior. If it’s a debit card, I would cancel it no matter what given that it connects directly to your bank account. Make sure to transfer balances, miles and to switch any auto-pay accounts to the new card.
  5. Freeze your credit with the 3 credit scoring bureaus.
  6. Consider ID Theft monitoring services to help you keep track of abusive behavior of your information online.

10 Times NOT To Use Your Debit Cards this Holiday Season!

As you head into the holiday season, one of the best steps you can take to protect your bank account is to eliminate the use of your debit card. While delivering a keynote speech in Washington DC last week, someone asked me if I could name ten times when you should NOT use a debit card.  I replied, “It’s a trick question because the answer is NEVER!” I seriously do feel that way, but I know there are people who either need to or prefer to use a debit card rather than a credit card or cash, so I want you to be informed about how to use it wisely.

First, make sure you understand the difference between a credit and debit card.  While they appear identical and can often be used interchangeably, remember that a debit card is a direct line to your bank account.  If a thief gets ahold of your debit card information, they essentially have access to your account.  One of the biggest differences comes to light when fraud occurs.  Credit card users can simply decline the charges and not pay the bill.  Debit card fraud comes straight out of your bank account, and it is much harder to fight the charges or reclaim the money that has been debited. In the meantime, while you prove it was fraud, you’re out the cash.

Here is a Top Ten List of times to choose credit over debit.

10. Booking future travel

If you book your travel with a debit card, they debit your account immediately. So if you’re buying travel or making a reservation that you won’t use for several months, you’ll be out the money immediately.  Also consider that many large hotels have suffered data breaches.

9. Hotels

Many hotels follow the practice of using your debit card to place a hold on your money (sometimes hundreds of dollars) to make sure you don’t run up a long distance bill, empty the mini bar or trash the room. The practice is almost unnoticeable if you’re using credit, but can be problematic if you’re using a debit card and have just enough in the account to cover what you need.  Be sure to ask about their “holding” policy if you are using a debit card.

8. Expensive purchases

This one is simple.  If something goes wrong with the merchandise or the purchase, a credit card lets you dispute and stop payments much more easily than a debit card. With a debit card, you have a much shorter window for reporting and resolving an issue and may even be responsible for all charges if you wait too long.

7. Rental or security deposits

Say you want to rent a car or borrow a Bobcat from your local home improvement store.  Remember that when you use a debit card to put down a deposit, that money is temporarily unavailable to you.  Of course, you’ll get the money back when you return the car or equipment, so this is no big deal if you have the money to spare until that time. But with a credit card, the money is just “frozen” and not actually charged so you won’t ever notice it’s gone.

6. Regular/recurring payments

You’ve heard about someone who quit a gym or discontinued a magazine subscription only to find that they kept getting billed. If you used a debit card for those payments, they’ll just keep coming right out of your bank account.  (Using a credit card is also a good way to ensure you don’t forget to make that monthly debit in your check register!)

5. Wi-Fi hot spots

Never use your debit card for an online purchase while at a coffee shop or other business that offers free wi-fi access.  Many of those businesses have unsecured wireless connections, so it’s much easier for hackers and scammers to log on and steal your data.

4. Restaurants

Anytime the card leaves your sight, you should NOT use your debit card. The waiter coming to your table has alone time with your card, giving them the opportunity to copy your card information.

This also applies to ordering food for delivery.  Restaurants that deliver tend to keep customer payment information on file in order to make future orders more convenient.

Another problem with using a debit card at restaurants is that some establishments will approve the card for more than your purchase amount because, presumably, you intend to leave a tip. So the amount of money frozen for the transaction could be quite a bit more than the amount of your tab. And it could be a few days before you get the cash back in your account.

3. Outdoor ATMs

Outdoor ATM machines provide the perfect opportunity for thieves to skim users’ debit cards.  Skimming is the practice of capturing a bank customer’s card information by running it through a machine that reads the card’s magnetic strip. Criminals place these machines over the real card slots at ATMs and other card terminals.  If the public has access to it, so do data criminals.  Use the ATM just inside the bank where it is under constant surveillance. And no matter what, look for devices or cameras on the ATM machine that aren’t normally there.

2. Gas stations

Every gas pump asks, “Credit or Debit?” these days.  Don’t choose the debit option!  Go inside and pay cash if you choose not to use your credit card!  There are three reasons.  One, it’s fairly easy for a thief to insert a skimmer and then sit nearby with a laptop accessing your information.  Even if the thief doesn’t manage to get your debit card personal identification number, or PIN, from such a device, he still may be able to duplicate the card’s magnetic strip and use it for “sign and swipe” Visa or MasterCard transactions.

Thieves can also sit nearby using small cameras to capture footage of debit card users entering their PINs. Finally, similar to the hotel example above, your debit card may be used to place a hold for an amount larger than your actual purchase.   So, even though you only bought $10 in gas, you could have a temporary bank hold for $50 to $100, says Susan Tiffany, director of consumer periodicals for the Credit Union National Association.

1. Online

Using your debit card online is like asking for your bank account to be emptied. There is just way too much potential for hacking at many different points in a transaction.  It could occur due to malware on the computer, someone could be “eavesdropping” via a wireless network, or it could happen once in the hands of the merchant due to a data breach.  If you have a problem with the purchase or your debit card number is stolen, it’s a huge hassle to get the money restored to your account and make your card number safe and secure again.

Keep it simple and just always use a credit card. I realize that it is easier to spend more money when it’s not coming directly out of your account, but resisting that temptation is worth it for the added security a credit card provides.
