Worried your debit or credit card information may be compromised? Here’s what to do.

By | August 4th, 2014|Uncategorized|

pf_changsHave you eaten a P.F. Chang’s lately? If so, you may want to check your email. This morning the restaurant chain sent out emails to customers that dined at 33 of the chain’s 211 locations between October 19, 2013 and June 11, 2014 saying that their credit and debit card information may have been stolen. Austin’s Jollyville location was one of the restaurants included in this breach.

If you think your card may have been compromised in this breach, or if you want to protect yourself from future instances of data theft, here are a few tips to consider:

  • Use an identity monitoring service: Keep an eye on personal information with an identity protection service. An identity protection service can alert you when your personal information has been compromised and give you the opportunity to alert your bank or the credit bureaus before a cyber criminal can use it against you. P.F. Chang’s has a dedicated page to security updates for consumers to follow with links to FAQs and how to enroll in the identity theft monitoring service they are offering. To learn more, visit https://www.pfchangs.com/security/.
  • Be vigilant: Keep an eye on your debit and credit statements for odd charges, even small ones. Cyber criminals often test accounts with small transactions to make sure they are active. If you see a suspicious transaction, report it as soon as possible and request a new card
  • Use Credit: Consider paying with a credit card if at all possible. Credit card companies cannot hold you liable for fraudulent purchases made on your card. This makes it a lot easier and quicker to recoup losses from a fraudulent credit card charge than recovering losses from debit card fraud.
  • Use Cash: One of the most surefire ways to avoid your card being compromised is to not use it. Pay with cash instead. While this is not the most convenient solution, it is an effective one.

Payments 101: An Intro to Payment Security and Transaction Trends

By | July 10th, 2014|Uncategorized|

EMVThe security of transactions and payments is a hotly debated topic around the world. Which methods are most secure? Which should we all adopt? And why one over the other?

But before we start diving more into the debate on this topic, how about a simple introduction? Let’s define some of the major terms and security issues that you will often see discussed:

Magstripe:
This is a type of card that is capable of storing and transferring data within a magnetic stripe. The information is read by swiping past a magnetic reading head. If you’re in the US, this is likely what you are familiar with on your credit card, debit card, public transportation card or even ID card for your office. Typically, you are asked for your signature at a POS when using your magstripe card.

EMV:
EMV, which takes its name from Europay, MasterCard and Visa, is a global standard for payment cards that is based on micropressor chips. These are often called IC cards or “chip cards.” A computer chip is embedded in the card and associated with a PIN. The owner must supply the PIN to allow for the card’s processing. This use of a PIN to identify the owner is considered more secure than the use of a signature, as you use with magstripe cards.

Chip and PIN:
This is another name for EMV cards or the EMV standard.

CNP Transaction:
CNP stands for Card Not Present. This is a type of transaction made with a card in which the cardholder does not or cannot physically present the card to the merchant. For instance, CNP transactions often take place over the phone or Internet. CNP transactions can be major sources of credit card fraud, as it can be difficult for the merchant to authorize the user’s identity. When you make a purchase in person, you may be requested to prove your identity with a photo ID, signature or PIN. However, in a card not present transaction, there isn’t an easy way to authenticate you are who you say you are.

Contactless Payments:
Now we are seeing more instances of contactless payments, in which the user can wave a card, device or fob over the POS system to make the transaction. This type of payment uses radio-frequency. Near Field Communication (NFC), for instance, is a set of standards for smart devices to establish radio communication when in proximity with one another. Security risks include malware and interception of the transaction. However, since smart cards and devices often have more than one use, the owner only has to replace the one card or device if it is lost or stolen.

Keep an eye out on our blog, cyberSAFE webinar series and social media channels for more on this topic as we begin to take part in the debate. In the meantime, what do you think about each type of card? What about each type of transaction? Join the conversation on Twitter, Facebook and LinkedIn.

Cyber Criminals Pose Big Threat to Banking Industry

By | February 21st, 2014|Uncategorized|

guest blogThis guest blog post comes from Rebecca Gray who writes for Backgroundchecks.org.

As the world is flattened into cyber commerce, banking industry hackers have become progressively more dangerous. Ultimately, cyber criminals have tapped into over half of the world’s top 50 banking websites in the last eight years and are responsible for around $1 billion in losses per year from the banking industry. It is clear, then, that these cyber criminals are seriously threatening the security of multi-national banking infrastructures. In turn, those companies are responding with real security measures to keep their information safe. This has created a market for new companies that enable cyber security services that keep hackers at bay.

Identifying High Risk Internationally

As companies continue to rely on international banking structures through Internet communication, the information available to cyber criminals knows no language or regional bounds. Global system security is paramount, as the information held by the banking industry is highly valuable and attainable, if systems are breached. For this reason, banking institutions are raising the stakes on security. Companies are bidding for the time and expertise of the best minds working on Internet security. The time is now to bring in greater security measures, enhancing firewalls and general cyber defense.

Threat Management Services

Preventing the possibility of cyber attacks requires a full-time comprehension and analysis of threats, along with a qualified response plan. Preparing for potential security breaches means hiring qualified professionals, allowing banks and their clients to supplement the security infrastructure with cutting-edge security practices. The value of such consulting has increased in recent decades, responding to increased threats and rising numbers of incidents. Several smaller Internet security companies have merged with the world’s most respected banking and accounting firms. Simply put, cyber security is booming.

Risk Perspective Reports

The most recent Office of the Comptroller of the Currency’s Semi-Annual Risk Perspective shows alarming accelerated risk of cyber attacks in financial institutions. The problem is this: criminals seek information and their ability to access bank information with profound ease is only getting better.

The results confirm that cyber attacks remain high, proving once again the importance of mandatory security audits. As security infrastructure is monitored, banks get a better understanding of the increasing and concentrated risk facing the banking industry, as a whole. By measuring the risk independently, banking institutions are able to defend themselves against cyber theft and prepare end-to-end solutions with customized plans.

Re-Training Employees on Security

As intensifying cyber threats plague the banking industry, current employees are being retrained in technology security. Understanding cyber issues is key to banking security, so the industry is seeing a greater emphasis on IT jobs and overall awareness of IT skills in job descriptions and expectations. This re-training, sparked by massive breaches internationally in both banking and retail sectors, has brought new training services to the industry. As new threats keep appearing, new employee training programs emerge to confront them.

Adapting to New Challenges

The evolution of cyber issues in the financial sector is happening quickly and banks are trying to keep pace. Insightful minds at the best-protected companies are thinking ahead of the game, investing in and planning strategies for cyber security. With the recent public attention on data breaches, financial structures are calling for fresh perspectives on cyber security – and fast. While many people working for these banks were trained to face hackers, techniques used to steal data change quickly. By the time IT staffers understand prevailing threats, they may already be a step behind attackers. Consistent training and retraining is the only way to stay ahead of emerging vulnerabilities.

Innovators in the Industry

The question is not how to eliminate cyber threats—because controlling outside parties will always be tough—but, instead, how to prepare, and remain resilient in cyber defense. Market-leading companies protect banking infrastructures through enhanced security customizations, each crafted to address new threats.

‘Tis the Season: Secure Your Business’ Online Shop

By | November 14th, 2013|Uncategorized|

‘Tis the Season: Secure Your Business’ Online Shopholiday blog pic

Holiday season is just around the corner. Most people are aware that online holiday shopping opens up a number of security risks for consumers, and last year we outlined security tips for the online shopper during holiday seasons – but this year? Let’s tackle the issue from the business side.

Businesses with online shops are surely looking forward to the season, especially Cyber Monday, the Monday after Thanksgiving, during which they’ll likely see a huge boost in sales and popularity among their shoppers. But what about the security risks that come with managing an online shop? Consider these tips to keep your business – and your shoppers – secure this holiday season.

Keep your machines clean

Make sure your employees’ devices are using up-to-date software and are running the latest anti-virus technologies. Keeping your machines clean and running smoothly will help defend against internal viruses and malware.

Train everyone in security and privacy basics

Education is key. Teach your employees about the basics in security and privacy, including what types of customer information should be kept confidential. Also check that they are practicing best security practices internally, such as keeping strong passwords.

Create user accounts for each customer

Require that customers create individual user accounts. This will help you keep their information organized and secure on an internal level, while also adding an extra layer of security on the user’s side of the online shopping experience.

Encourage strong passwords

For these user accounts, require that your customers use strong passwords. Passwords should be long and feature a mix of letters, numbers and symbols. Ask that customers change their passwords at least on an annual basis.

Protect sensitive customer information

One of the most important tips in this list – protect your customers’ sensitive information. This includes their account credentials, their credit card information, their mailing address and any other information you acquire from them. Ensure that this information is all encrypted, or better yet, don’t house it internally at all. There are many trusted third party services to help manage such data.

Secure your site and provide advice for shoppers

Work with your IT team to secure your website – it should say HTTPS in front of the URL. Also consider reminding shoppers to confirm that they are using a secure Internet network prior to inputting any credit card information.

Are you prepared to run a secure online shop this holiday season? Do you have any tips to add? Let us know what you think! As always, join the conversation on Twitter and Facebook.

News Recap: Identity Thieves Stole $4B in Tax Returns

By | November 8th, 2013|Uncategorized|

tax blog picA recent inspector general’s report released information that the Internal Revenue Service (IRS) sent $4 billion in fraudulent tax returns last year to identity thieves. Many fraudulent returns were sent to Miami, Chicago, Detroit, Atlanta, Houston and overseas countries, including Bulgaria, Lithuania and Ireland.

The IRS increased efforts this past year to combat tax fraud, Associated Press’ Stephen Ohlemacher reported. In 2012, ”the IRS stopped more than $12 billion in fraudulent refunds from going to identity thieves, compared with $8 billion the year before,” Ohlemacher wrote. This increased savings may be resulted from the IRS doubling the number of employees working on identity theft issues last year, totaling 3,000, according to Gregory Korte of USA Today.

However $4 billion in fraudulent taxes still managed to get to identity thieves last year. Though the IRS prevented more refunds from going to identity thieves, more victims had their identities stolen this year, reported the Washington Post: “Through June, the IRS identified 1.6 million victims who had their identities stolen during this year’s tax filing season, the report said. That compares with 1.2 million victims in 2012.”

USA Today reporter Gregory Korte explained how tax fraud by way of identity theft typically works: “Thieves, using a valid social security number, file a tax return using fictitious withholding forms showing that they’re due a refund, and have those refunds sent to another address. When the real taxpayer tries to file a return, the IRS rejects it.” Identity thieves usually prey on the young, old and people who have died, said the Washington Post.

IRS spokeswoman Julianne Fisher Breitbeil said in USA Today that the IRS is continuing to develop fraud detection systems. “Since 2011, the IRS has stopped 12.6 million suspicious returns involving $40 billion in fraudulent refunds,” USA Today reported.

Are you surprised at how many U.S. tax dollars were stolen by identity thieves? How can people and businesses better protect against tax fraud and identity theft? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Industry News Recap: Lawmaker Experiences Tax Identity Theft

By | April 12th, 2013|Uncategorized|

tax_id_theftIn trending news, Mississippi state Representative Lester Carpenter found that someone else had filed for his 2012 tax return. While the identity thief asked for Carpenter’s tax refund to be automatically deposited, he or she had provided incorrect bank account information, causing the check to be mailed to Carpenter’s home address.

“Carpenter went to the Mississippi Attorney General’s Office where officials did a computer search and found that two other individuals, including the one in Texas, were using his Social Security number,” said USA Today. “Since the start of this year, the IRS has worked with victims across the country to resolve more than 200,000 ID theft cases.”

The IRS reported that tax identity fraud cases are on the rise, with 940,000 fraudulent tax returns filed in 2011 – an increase of 49,000 cases in two years. “In response, the IRS has been updating its fraud screening systems and penalizing more identity thieves,” said CNN Money. “Last year, the agency stopped $20 billion in fraudulent refunds from being issued – up from $14 billion in 2011. And earlier this year, it launched a nationwide crackdown that brought enforcement actions against 389 identity theft suspects in 32 states. The IRS has also more than doubled its staff devoted to identity theft cases.”

As another tax season comes to an end, what are some safety precautions you use year-round to prevent identity theft during tax season? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr page for the latest industry news stories.

Upcoming Webinar: Child Identity Theft – A Parenting Blind Spot

By | March 13th, 2013|Uncategorized|

In our recent consumer research survey, we found that a whopping 43% of parents do not know that child identity theft is a growing concern, and only 18% of parents are concerned with their child’s identity being stolen online. Meanwhile, according to ITAC’s 2012 Child Identity Fraud Report, one in 40 U.S. households with minor children is affected by this issue. Despite that frequency, child identity theft is a largely underreported and underrated crime, because most victims do not discover they have been targeted until they are 18 years old. It’s not only an issue for the children and families involved, but businesses are also losing money to these schemes as well.

So, what can parents and businesses do to combat this alarming trend? What solutions are out there? Join leading security experts Tuesday, April 2nd at 12 pm CDT for a free one-hour webinar that will address the growing trend of child identity theft, parent awareness and response, and what businesses can do to provide protection to this demographic and to themselves.

WEBINAR: Child Identity Theft: A Parenting Blind Spot. What We Can Do – As Parents and Businesses – to Reverse this Growing Trend.

When: Tuesday April 2, 2013 at 12pm CDT

Cost: Free

Twitter Hashtag: #SecureChildID – we’ll be extending the conversation to Twitter

Register Now!

Speakers:

Moderator:

  • Bryan Hjelm, Vice President, CSID

TWITTER CHAT
We’ll also be hosting a live Twitter chat about this topic on Thursday, March 14 at 2 PM CDT with global cybersecurity awareness campaign @STOPTHNKCONNECT and other industry leaders. Join in using the hashtag #ChatSTC.

See you there!

Spill the Beans: The Significance of Breach Disclosure Laws Status

By | January 9th, 2013|Uncategorized|

If a company is breached, should the breach be reported to authorities? To customers? To the public? While breach disclosure laws have been debated on and off for the past few years, it looks like they are making it back into the spotlight.

Many companies would prefer to keep security breaches to themselves – to avoid the authorities, protect their brands and handle the issue privately. Governments, however, argue that such disclosure provides essential insight and is necessary to tackle cybercrime. 

In Europe, for instance, the Europol recently attributed the cause of some of the biggest card fraud cases to a lack of breach disclosure laws. The Europol says, “A major problem in the EU is the lack of proper regulations for reporting data breaches to police authorities. Law enforcement agencies, even if aware of a breach, have difficulties finding information on, and links to, the point of compromise, stolen data and illegal transactions.”

Meanwhile, in the U.S., President Obama just signed the National Defense Authorization Act. The Wall Street Journal reports that this act “gives the Department of Defense 90 days to establish procedures for defense contractors to disclose cyber breaches” – or in other words, companies will soon be required to tell the federal government when hacked. Previously, though breach disclosure was encouraged, it remained voluntary.

Beyond this federal push, many U.S. states have already enacted their own notification laws—all but four have some statewide disclosure requirements. See here for a state-by-state list.

What do you think about breach notification laws? Share your thoughts with us on Facebook and Twitter.

 

Tis the Season: Security Tips for Online Holiday Shopping

By | December 5th, 2012|Uncategorized|

It’s that time of year again! As you finish your holiday décor and put your gifts under the tree, make sure you stay safe while shopping for your loved ones online this season with these quick tips.

  • Make sure your devices are up-to-date. Any device you use for shopping; including smartphones, tablets and computers; should have the latest security software, operating systems, programs and applications. In addition, be aware of shopping on these devices when connected through public Wi-Fi or unsecured networks.
  • Know your merchant. When making online transactions, make sure you’re dealing with a reputable site and take a careful look at the website’s URL. A good indicator that the retailer is legitimate is if your web browser’s address bar includes a closed padlock or the URL address begins with https.
  • Be aware of phishing scams. This time of year, email phishing scams are in full effect and could lead you to a merchant that may look legitimate but is not. Be aware of any misspellings in communications and ‘too good to be true’ deals from the retailer. If in doubt, just go to the site directly by typing in the URL to your browser and/or make sure to delete any suspicious emails and mark them as ‘spam.’
  • Protect your personal and financial information. Be aware of the information that is being collected to complete your purchase. Only fill out what is required and understand the merchant’s privacy policy – know how your information will be stored and used for current and future purchases.
  • Keep track of payments. Save records of your online transactions and follow up with your bank and/or credit card accounts to make sure there are no fraudulent purchases. Credit cards are often best for online purchases because if there is suspicion of fraud and you have a complaint, your creditor will investigate and remove the charge until it determines if it is indeed fraudulent.

Have some smart and safe online holiday shopping tips? Share your advice with us on Facebook and Twitter. Happy holidays to you and yours from CSID!

FBI Leads Undercover Operation Against Cyber Crime

By | July 3rd, 2012|Uncategorized|

CSID’s CyberAgent technology scans more than 10,000 underground websites and forums per day—more than 600,000 individual web pages—for personal identifying information (PII) being bought and sold. This PII includes bits like Social Security Numbers, email addresses, passwords and credit and debit card numbers. In fact, the credit and debit card numbers often come with the expiration dates, associated names and addresses, and a validity check.

We often get asked, “Why don’t the authorities do anything about it?”

The answer? Yes, they do—but it is a long and intensive process that strategically evades the public eye. News broke recently that the FBI coordinated with law enforcement agencies around the world for a two-year undercover operation to crack down on online trafficking of stolen financial data and credit card information. According to an official statement by the United States Attorney’s Office for the Southern District of New York, this global operation was the largest coordinated international enforcement action against online “carding” gangs. As Fahmida Rashid wrote in PC Mag, “Online carding groups act as a marketplace where criminals can buy or sell stolen credit card and other financial information.”

To target the groups, the FBI sold stolen data and hacking tools through their own carding site, Carder Profit. Through this site they were able to monitor and record all activities, including visitors’ IP addresses and registrants’ email addresses.

The two-year collaboration among the FBI and law enforcement agencies from 13 other countries ultimately lead to the arrest of 24 people who had been trafficking stolen credit card and financial details. According to the FBI, the operation prevented more than $205 million in losses and notified credit card providers of more than 411,000 compromised cards. 

These efforts from the FBI and law enforcement agencies show us just how serious an issue cyber crime and identity theft is. While it is great to have major agencies like the FBI watching out for us, we must still remember to be diligent in protecting and monitoring our identity online – you never know who might be waiting to steal your information.

Load More Posts