Our lives depend on the convenience of digital and require the security behind the scenes. Take contactless payment for example. Contactless payments are a faster, more convenient alternative to cash when making small purchases at fast food restaurants, convenience stores, and transport terminals. They are also ideal for remote or unattended payment situations, such as vending machines, road tolls, or parking meters.
These transactions are protected by multiple layers of security, which protect both retailers and consumers.
Some of these security features are incorporated within a card’s microprocessor chip, while others are part of the same networks that protect traditional credit and debit card transactions.
Think about how much more “digital” our lives have become. Digital assets include: entertainment files (e.g., music downloads), personal memories (e.g., photographs), personal communications (e.g., emails), personal records (e.g., health, financial, insurance) and career information (e.g., resumes, portfolios, cover letters, contacts), as well as any creative projects or hobbies involving digital files.
Every bit of this adds up to “more and better.” By this, I offer an example. I have a seven-year-old daughter who has evolved into a smarter, more well-rounded and aware child than I ever was. And, with the comfort of digital security, the technology that we expose her to makes much of that possible.
And this exposure is ubiquitous. While many people protect their PCs and digital assets from malware by installing antivirus software, they leave the doors open to criminals when it comes to smartphones, tablets and Macs, however. Bad guys are now targeting these devices, as their users’ complacency has made breaking into these devices the path of least resistance. Now more than ever, a multi-device security strategy is necessary.
But don’t fret. Enjoy your technology, be smart about it and make sure to exercise your security muscles.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

The internet-connected TV, PC, mobile and tablet are all connected to the home in ways like never before. All of these appliances are talking to one another in various ways. For example, many of us share media, display photos on various devices, or use different devices remotely for home security, HVAC control, access control, and on/off administration of various devices.
My own home is connected in various ways. Using my iPhone or any computer, I can access a cloud-based server that allows me to watch live footage from each of the 16 cameras I have installed in and around my property. The cameras also begin recording automatically whenever motion is detected, and that footage is stored in the cloud and available to me anywhere, anytime. It’s amazing how often I access these cameras when I’m on the road.
With home automation, I can use the cloud to remotely switch lights on and off and adjust the temperature control system. I also get alerts in the event of an intrusion or even a broken water pipe!
Another great example is the “Nest” thermostat and corresponding app. Control your home's temperature from your iPhone, iPad, or iPod touch with the Nest Mobile app. Last-minute trip? Change the temperature from the ski slopes. Coming home early to a cold house? Turn up the heat on your way. The Nest Mobile app allows you to adjust your Nest Learning Thermostat from anywhere. Having a cloud-based, internet-connected home certainly provides an excellent layer of comfort, not to mention peace of mind.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Major banks and retailers are now pushing very hard to make EMV the new standard in the United States. Visa announced plans “to accelerate the migration to contact chip and contactless EMV chip technology in the U.S. The adoption of dual-interface chip technology will help prepare the U.S. payment infrastructure for the arrival of Near Field Communication (NFC)-based mobile payments by building the necessary infrastructure to accept and process chip transactions.”
EMV, which stands for Europay, MasterCard and Visa, refers to the chip-and-PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are all too easy to skim at ATMs and point-of-sale terminals.
Gemalto reports, “As the U.S. continues its implementation of EMV chip cards, it’s lucky to be able to look to other countries that have adopted the technology for best practices, lessons learned and future benefits. As a Gemalto employee based in the U.S., I’ve been eagerly watching to see how our neighbor to the north, Canada, is benefiting from their EMV chip implementation, which started in earnest in 2007.”
“EMV” refers to Europay, MasterCard, and Visa, three financial service corporations that collaborated to establish a global standard for secure, reliable, and consistent credit and debit card transactions. These cards are also called “chip and PIN” cards because they incorporate an embedded microprocessor chip and require a personal identification number for authentication.
JPMorgan Chase began issuing cards with embedded microprocessor chips last year in response to requests from cardholders who are frequent international travelers. And more major card issuers have followed suit by incorporating EMV technology. American Express has announced plans to release chip-based cards in the United States, as part of a “roadmap to advance EMV chip-based contact, contactless and mobile payment for all merchants, processors, and issuers.”Not surprisingly, as the rest of the world has migrated to EMV chip technology, some fraud has shifted over to the United States because of the ease with which fraudsters can duplicate magnetic stripe cards. As a result, the U.S. has carried a disproportionate percentage of global fraud losses—until now. Through our adoption of EMV chips, we’re anticipating a reduction in fraud loss like in Canada, the UK and the 80 other countries in various phases of migration.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Cash may be king—but not if you like free coffee and sandwiches from Starbucks. Today, if you want rewards, points, discounts or anything free, mobile payment is the way to go. My dad is a perfect example of how and why this is. Here’s a guy who held out on using a smartphone until 2013. For years, he’d pay cash for his Starbucks coffee and religiously hand over his card to the barista for another credit toward that next free cup. Then, the baristas started to veer to clients to using their Starbucks app, with promises of more discounts and free stuff. My dad got his first iPhone 5 and wonders how he survived without it. Once he downloaded his first mobile payment app, he realized how much “free” he was missing out on.
USA Today reports:
Starbucks is producing more than three million mobile payments per week. That, says [Starbucks CEO] Schultz, exceeds the combined mobile payments of the next 10 companies closest to Starbucks. “This will result in a much deeper experience with our customers," he says.”
That experience IS people like my dad, who plans his trip to Starbucks to get free stuff.
For consumers, that will mean much more one-to-one marketing, says Schultz. That is, specific deals and promos could be specially targeted to individual consumers based on their buying habits. Sooner than later, Schultz projects, regular customers might not even have to belly-up to the bar to order. Rather, based on the information on a mobile phone app that they're carrying, they could be "recognized" as being in the store—and baristas will have the option to start preparing their usual favorites, without them ever having to actually order.
Starbucks has cracked the code in the evolving mobile payment market, and others are quickly joining in. Head to your favorite app store and search for “mobile payment,” or see what your favorite e-tailer or retailer has to offer.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Social media is the fifth form of mainstream media. It encompasses all media, making it the king of all media. At this point, most people know how to use social media and how to navigate the various websites. But many employers are still on the fence.
Hootsuites’ CEO says, “The world’s top brands—like Pepsi, Virgin, NHL and American Express—[are] now embracing [social media] company-wide.”
MarketingDonut reports, “One of the simplest ways to convince your boss that social media is the future is [by] showing how much profit [the company] can make. Show how your competitors are using social content to attract potential clients, showing the strengths and weaknesses of their campaigns. Use your website analytics to monitor the flow of visitors to your website from Facebook, Twitter or organically, and how many convert to leads or sales.”
And social isn’t just for business-to-consumer communications. It’s also great for connecting employees too. SHRM reports, “Social networking platforms may allow organizations to improve communication and productivity by disseminating information among different groups of employees in a more efficient manner, resulting in increased productivity.”
As you are setting up social media as an effective tool, you must consider the security implications.

• Implement policies. Without some type of policy in place to regulate employee access and guidelines for appropriate behavior, social media could be problematic. Teach employees effective use by providing training on proper use—including, especially, what not do, too.
• Limit social networks. In my own research, I’ve found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure.
• Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
• Maintain updated security. Whether you’re using hardware or software, anti-virus or critical security patches, make sure you are up to date.
• Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
• Register your company name and all your officers at every social media site. You can do this manually or by using a very cost-effective service called Knowem.com.

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Back when dinosaurs roamed the earth, people took pictures of the Tyrannosaurus Rex with film-based cameras that required them to drop their pics off at a Fotomat for processing. Then, instant pics in the form of Polaroid cameras came along and the term “instant gratification” was born. Today, most of us snap pics on phones because cameras are just another device that we don’t want to carry.
Now, documenting a person’s day, week, month, year, vacation or any event consists of hundreds if not thousands of photos because digital is easy and free. So what’s the best way to share all your pics in a fun, friendly and secure way? Well, that all depends on your lifestyle.

• Facebook: When taking pics from your phone, you can easily upload and instantly share your images with your connections. The beauty of Facebook photos is that all 3,000 of your friends can enjoy them and comment on them. Using your PC is even easier when you are uploading entire albums. The bad thing is, once you upload to Facebook, you can’t expect the photos to ever be private. Even though you might lock down your privacy settings so only your friends can see them, it’s still very possible that your pics can be leaked.
• Flickr: Flickr is a photo sharing site that you can always have in your back pocket via apps for iPhone, Windows 7, Android and more. Or use m.flickr.com from any mobile device to upload and share photos on the go. Share photos only with the people you want to with Flickr’s easy privacy settings. Flickr’s backed storage system makes sure you never lose another photo again.
• Instagram: Share your photos in a simple photo stream with friends to see - and follow your friends' photos with the click of a single button. Every day you open up Instagram, you'll see new photos from your closest friends, and creative people from around the world. Share to Facebook, Twitter, and Tumblr too – it's as easy as pie. It's photo sharing, reinvented.
• Dropbox: Most people don’t think of photo sharing when they think about Dropbox because Dropbox isn’t explicitly a photo sharing site. Dropbox is a free service that lets you bring together all your photos, docs and videos from anywhere. This means that any file you save to your Dropbox will automatically save to all your computers, phones and even the Dropbox website.

All of these sites require usernames and passwords for access. And like all web-based portals, I suggest a different password for each. If you install an application on your mobile, make sure your device is password protected. Another layer of protection (albeit inconvenient) is to set up these apps to require a password every time you access them.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Facebook now offers “Home.” Facebook says “With Home, everything on your phone gets friendlier. From the moment you turn it on, you see a steady stream of friends’ posts and photos. Upfront notifications and quick access to your essentials mean you’ll never miss a moment. And you can keep chatting with friends, even when you’re using other apps. Cover feed puts the spotlight on whatever friends are sharing now—photos, status updates, links and more.”
CNN reports “Built-in GPS technology means smartphones know where a person is at any given time. Phones with Facebook Home could access this information at any time to determine what businesses or neighborhoods you visit the most or even where you live. That data could then be used to serve up a more personalized ad, such as a coupon for a store you're near or coffee shop you visit every Sunday. A Facebook representative told CNN that Home will not actively track users' GPS location.”
Back in 2010, The Wall Street Journal was already warning us about app developers’ lack of transparency with regard to their intentions:
An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.2⁸
One developer of online ads and mobile apps acknowledged, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.”
And since then, our level of engagement with mobile apps has only increased, while no meaningful steps have been taken to prevent applications’ access to your data. The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy. The information also can be abused for identity theft and other malicious purposes.
Facebook Home may have the best intentions and could very well be a great addition for any heavy Facebook user. And keep in mind, every application you install wants more access to who/what/where/when about you so they can send you targeted ads.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

The Federal Trade Commission offers invaluable tools for restoring your identity if it has already been compromised. The tools can be found at http://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf. On this website, you will find a complaint form, affidavit of your identity, and sample letters. You will also find a log to chart your actions while restoring your identity. It is important to utilize this log to keep a record of contacts you have made with the authorities, credit card com­panies, banks, and credit bureaus. If something gets lost in the process, the log ensures detailed notes to help prove your efforts, and ultimately, rescue your identity from a criminal.
If you have an all-encompassing identity theft protection service, your provider can take care of much of the restoration.
The first call you make should be to the police, to report the crime. According to the FTC, “A police report that provides specific details of the identity theft is considered an Identity Theft Report, which entitles you to certain legal rights when it is provided to the three major credit reporting agencies or to companies where the thief misused your information. An Identity Theft Report can be used to permanently block fraudulent information that results from identity theft, such as accounts or addresses, from appearing on your credit report. It will also make sure these debts do not reappear on your credit reports. Identity Theft Reports can prevent a company from continuing to collect debts that result from identity theft, or selling them to others for collection. An Identity Theft Report is also needed to place an extended fraud alert on your credit report.”^[1]
When filing an identity theft report, you will first want to fill out an ID Theft Complaint (http://www.idtheft.gov/probono/docs/i.%20Table%20of%20Contents.pdf with the FTC, which you should bring with you to the police station.
They key to restoring a stolen identity is to exercise patience. Recognize this is not the end of the world, it’s an inconvenience and can be fixed with time and persistence.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Online banking or mobile banking reduces expenses by allowing customers to review transactions, transfer funds, pay bills and check balances without having to walk into a bank branch or make phone calls to a bank’s customer service call center.
Mobile banking, m-banking or SMS banking refers to online banking that occurs via mobile phone or smartphone rather than with a PC. The earliest mobile banking services were offered over SMS, but with the introduction of smartphones and Apple iOS, mobile banking is being offered primarily through applications as opposed to over text messages or a mobile browser.
As convenient as this is, you still need to consider security.

1. Set a passlock that times out in one minute to access your mobile.
2. Set your computer’s and mobile’s operating systems to automatically update critical security patches.
3. Make sure your PC’s firewall is turned on and protecting two-way traffic.
4. Always run antivirus software on your PC and mobile, and set it to update virus definitions automatically.
5. Run a protected wireless network. Don’t bank with your mobile on a public Wi-Fi network. Use a free service such as Hotspot Shield VPN.
6. Never click on links within the body of an email. Instead, go to your favorites menu or type familiar addresses into the address bar.
7. Beware of SMiShing, which is like phishing but in the form of malicious text messages instead.
8. Download your bank’s mobile application so you can be sure you are visiting the real bank every time and not a copycat site. Do not check the box offering to remember your login information.
9. Check your online bank statements frequently.

10. Use strong passwords with numbers and uppercase/lowercase letters and characters.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

Googling yourself (or “egosurfing”) is formally known as vanity searching—the practice of searching for one's own name, pseudonym or screen name on a popular search engine in order to review the results.
The term egosurfing bugs me a bit because it insinuates people do it because they are narcissistic by nature. However, egosurfing really should be called “reputation surfing” because it’s extremely important to check your online reputation for any errors, inaccuracies, slander or unwanted exposure.
Think about background checks. Background checks are a necessary tool in today’s sometimes violent and certainly litigious society. It’s common sense to require employment background checks for school volunteers, coaches, teachers, janitorial staff—really, employees of all kinds. As a small business, one the worst things you can do is hire an employee who becomes a legal liability or has a history of crime that comes back to bite you.
As a self-check, you’ll want to perform your own background checks to make sure there isn’t any erroneous information out there, or to prepare yourself if a potential employer, landlord or school administrator points out something that makes you look bad.
Your online identity is also something that others can control, and you need to do your best to manage it. Managing your online reputation and protecting it is equivalent to marketing your personal brand, YOU.
Manage your online reputation and do a self-check often. Here’s how:
Start doing things online to boost your online reputation. Register your full name and those of your spouse and kids (owning your kids domains is better than someone else owning them) on the most trafficked social media sites, blogs, domains and web-based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It’s up to you to decide whether or not to plug in your picture and basic bio.
Set up a free Google Alert for your name and get an email every time your name pops up online. If you encounter a site that disparages you, Google has advice. Get a Google Profile. It’s free and it shows up on page one.
Go to Knowem.com. This is an online portal that goes out and registers your name at what it considers to be the top 150 social media sites.
Get a WordPress blog with your name in the address bar and blog often. You want Google to show your given name at the top of search results in its best light, so when anyone is searching for you the person will see good things. Frequent blogging buries bad stuff deep the in search results.
Buy a domain name that is, or is close to, your real name and plaster your name in the HTML header so it comes up in search results.
Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures