Name : Siciliano
First Name : Robert
Blog URL : http://IDTheftSecurity.com
Biography: ROBERT SICILIANO, CEO of www.IDTheftSecurity.com, is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. In continuing the trend of providing the most up-to-date and useful digital security tips, JustAskGemalto has partnered with well-known digital security expert, Robert Siciliano, to discuss hot trends and share real-life stories, experiences and tips for consumers around online safety. Siciliano will be a contributor to the JustAskGemalto blog discussing a variety of topics ranging from identity theft to personal online security as well as best practices for maintaining a great digital lifestyle. Robert Siciliano seeks to reach people across the United States and share his knowledge and experiences with them so that consumers can enjoy and get the most out of the technology used every day in a safe and convenient way. He has become a trusted source for executives within leading corporations and provides the straightforward information they need to confidently manage their own personal security online. Siciliano is currently a contributor to the Huffington Post and has been featured as a digital security expert on major media outlets such as CNN, MSNBC and The Today Show. For more information on Robert Siciliano, visit www.IDTheftSecurity.com; he can also be found on Twitter.
The best thing about the “New Year” is committing to new or old resolutions and starting fresh. Whether you are an individual or a small business, the following applies:
Robert Siciliano is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked!
The old magnetic stripe technology currently used in credit and debit cards in the United States is inexpensive and readily available, making our cards highly vulnerable to fraud. It’s understandable then that credit and debit card fraud is Americans’ primary fear, with 68% of those surveyed describing themselves as extremely or very concerned about the security of their credit or debit card data and 66% as extremely or very concerned about identity theft.
Compare that to the 58% who are extremely or very concerned about terrorism and war, or 41% who fear the possibility of a serious health epidemic. If a health epidemic actually occurred, that would naturally take precedence over our financial concerns. But for now, we’re mostly worried about our money.
Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when an identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or sometimes even when you hand it over to pay at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft, though I’ve always been inclined to categorize it as simple credit card fraud.
EMV credit cards—or “chip and PIN” cards—are safer than the magnetic stripe cards still used in the U.S. According to the Smartcard Alliance, “[EMV] transactions require an authentic card validated either online by the issuer using a dynamic cryptogram or offline with the terminal using Static Data Authentication (SDA), Dynamic Data Authentication (DDA) or Combined DDA with application cryptogram generation (CDA). EMV transactions also create unique transaction data, so that any captured data cannot be used to execute new transactions.”
In simple terms, with EMV technology, users’ financial data is thoroughly scrambled. It makes sense, therefore, for smart, forward thinking banks to encourage EMV migration as soon as possible.
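The replay property in the quoted passage ("captured data cannot be used to execute new transactions"), as an added example that is not from the original post or from any EMV specification. It is a simplified model: HMAC-SHA256 stands in for the real EMV cryptogram algorithm, and the class names, card number and track data are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Simplified model (assumption): real EMV cards use issuer-derived keys and a
# block-cipher MAC. HMAC-SHA256 is used here only to show the replay property.


def _message(pan: str, atc: int, amount_cents: int, nonce: str) -> bytes:
    return f"{pan}|{atc}|{amount_cents}|{nonce}".encode()


class ChipCard:
    """Holds a secret key and a transaction counter that never leave the chip."""

    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self._atc = pan, key, 0

    def pay(self, amount_cents: int, terminal_nonce: str) -> dict:
        self._atc += 1  # every transaction is bound to a fresh counter value
        msg = _message(self.pan, self._atc, amount_cents, terminal_nonce)
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return {"pan": self.pan, "atc": self._atc, "amount_cents": amount_cents,
                "nonce": terminal_nonce, "cryptogram": tag}


class Issuer:
    def __init__(self):
        self._keys, self._stripes, self._last_atc = {}, {}, {}

    def enroll(self, pan: str, key: bytes, stripe_data: str) -> None:
        self._keys[pan], self._stripes[pan] = key, stripe_data

    def authorize_stripe(self, pan: str, stripe_data: str) -> bool:
        # Magnetic stripe data is static: any exact copy looks identical.
        return hmac.compare_digest(self._stripes.get(pan, ""), stripe_data)

    def authorize_chip(self, txn: dict) -> str:
        key = self._keys.get(txn["pan"])
        if key is None:
            return "declined: unknown card"
        msg = _message(txn["pan"], txn["atc"], txn["amount_cents"], txn["nonce"])
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "declined: bad cryptogram"
        if txn["atc"] <= self._last_atc.get(txn["pan"], 0):
            return "declined: replayed counter"
        self._last_atc[txn["pan"]] = txn["atc"]
        return "approved"


def demo() -> dict:
    issuer = Issuer()
    pan = "4000000000000002"      # constructed test number
    stripe = f"{pan}=2512101"     # constructed static track data
    key = secrets.token_bytes(32)
    issuer.enroll(pan, key, stripe)
    card = ChipCard(pan, key)
    txn = card.pay(1999, secrets.token_hex(4))
    return {
        "stripe_original": issuer.authorize_stripe(pan, stripe),
        "stripe_copy": issuer.authorize_stripe(pan, str(stripe)),
        "chip_original": issuer.authorize_chip(txn),
        "chip_replay": issuer.authorize_chip(dict(txn)),
        "chip_altered": issuer.authorize_chip({**txn, "amount_cents": 99999}),
        "chip_next": issuer.authorize_chip(card.pay(500, secrets.token_hex(4))),
    }
```

The copied stripe data is accepted a second time, while the captured chip transaction is declined both when resubmitted unchanged and when its amount is altered.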
Frequent fliers accustomed to traveling internationally for business are helping drive demand for EMV cards within the United States. Business travelers who have found it increasingly difficult to use their magnetic stripe cards while abroad are now requesting that American banks provide EMV, or chip and PIN cards, which are used more commonly in Europe and around the world.
“EMV” refers to Europay, MasterCard, and Visa, three financial service corporations that collaborated to establish a global standard for secure, reliable, and consistent credit and debit card transactions. These cards are also called “chip and PIN” cards because they incorporate an embedded microprocessor chip and require a personal identification number for authentication. These security measures make chip and PIN cards far more secure than the magnetic stripe cards that are standard in the United States, since the magnetic stripes containing sensitive financial data are vulnerable to skimming at ATMs and point of sale terminals. In Europe, chip and PIN technology has significantly reduced the potential for fraud in transactions where the credit card is not physically present.
JPMorgan Chase began issuing cards with embedded microprocessor chips last year in response to requests from cardholders who are frequent international travelers. And more major card issuers have followed suit by incorporating EMV technology. American Express has announced plans to release chip-based cards in the United States, as part of a "roadmap to advance EMV chip-based contact, contactless and mobile payment for all merchants, processors, and issuers."
Most of the EMV-based cards offered in the United States are chip-and-signature, rather than chip-and-PIN, due to differences in the way payments are processed. Nevertheless, these advances in card technology are a positive step, so thank you to business travelers for pushing banks to incorporate EMV technology and making overseas travel more convenient and more secure.
If you aren’t in the habit of backing up your data, you might assume that it’s difficult or tedious. But I’ve got news for you: it’s easy-peasy. Nowadays, backing up is a complete no-brainer.
There are many backup options. New PCs often come bundled with backup options included in the “bloatware.” Microsoft Windows 7 comes with “Windows Restore/Back Up” accessible via the Control Panel, and Macs offer a backup option called Time Machine. You can buy an external hard drive to copy your files to, or invest in a remote backup service.
I suggest backing up twice on local drives and once in the cloud.
Cloud backup options include Mozy, McAfee, and Carbonite.
Mozy online backup costs $6 per month to back up 50 gigabytes of data on one computer, or $110.00 a year for 125 gigabytes on up to three computers. Mozy offers an easy to use interface and quick, effortless backups of every file type, including files on external drives. If you have over 110 gigabytes, though, it gets pricey.
McAfee online backup costs $5 per month, and works exactly like Mozy, except that as of this writing, users receive unlimited backup for that $5 monthly fee.
Carbonite online backup offers unlimited storage from one computer for under $5 per month. Carbonite is inexpensive with an easy-
, like software programs with a variety of unusual file extensions, have to be zipped beforehand, since Carbonite won’t back up the individual files with odd extensions.
My 200-gigabyte C: drive came built into my PC as the main operating system drive. My E: drive is a secondary 2TB drive installed in the slot most PCs provide for a second drive. And I have a 2-terabyte external drive, my F: drive, which I keep running 24/7. I paid $80.00 for a 2TB E: drive and $104.00 for a 2TB external drive. I also have unlimited cloud-based backup, which is accessible for $60 a year. And for $20, I’ve installed Goodsync.
All my data is stored on my E: drive, filling more than three quarters of the 2-terabyte internal drive. Drive E is my primary data drive, and gets backed up to the cloud and synced to the external 2-terabyte F: drive. Goodsync automatically syncs my internal E: drive and external F: drive every two hours. I do this because, while all my data is stored in the cloud, if my internal drive does crash, downloading it all would be a chore, plus, I’d need a drive to download it to, anyway.
The cloud is ideal for mitigating major catastrophes, like fires, but not practical for accessing data on a daily basis.
That’s it. Two local backups and one cloud-based backup. Do it today. It’s easy-peasy.
The day when your wallet becomes a relic, like an 8-track tape, isn’t here quite yet. But we are getting close.
Thinning out your wallet isn’t just nice for your pants pocket. It’s also a good way to minimize your risk for identity theft, should your wallet ever be lost or stolen. As long as you’re keeping your smartphone safe and secure, the following mobile payment options offer safe, convenient alternatives to traditional payments.
Mint: Personal finance tools from Mint.com help you track, budget, and manage your money while you’re on the go. Sign up for a free Mint.com account, add your online banking and credit card accounts, and access your personal finances, all from your iPhone. One cool feature Mint offers is optional alerts to any high dollar transactions.
Square: This application and free credit card reader allow users to accept credit cards via iPhone, iPad, or iPod touch without a contract, monthly fees, or merchant account required. You can become your own merchant with this truly amazing app, which is ready to take payments within minutes of downloading. This can be handy when splitting a dinner check with a group in which everyone has a credit card, but no cash.
KeyRing: Never carry plastic or paper loyalty, membership, or library cards again! You can save time, space, and money by storing cards and coupons on your phone, so you’ll never miss a discount at the point of sale again. I especially like that KeyRing fully backs up your credit and store cards. Not every merchant is ready to accept a digital card at this point, but many are, and the number is increasing.
Paypal: Send money to your friends, manage your account, and more with the PayPal app. It’s free, secure, and more convenient than going to an ATM, writing checks, or sending gifts the traditional way.
I haven’t listed my bank’s application because they don’t currently offer mobile check deposit. But if your bank does, add them to the list, because that’s cool.
As more online retailers introduce mobile ecommerce applications, criminal hackers are taking notice. Existing mobile operating systems are under attack and, like standard PC operating systems, they sometimes fail to provide the necessary security to support a payment application.
Current research is primarily geared towards securing mobile payments, but there is a lack of coordination between mobile payment developers, device manufacturers, and mobile operating system platform developers. Hackers are taking advantage of the loophole created by this lack of coordination.
Mobile phone spyware has been a concern for years. Legitimate software companies sell mobile phone spyware that allows the user to monitor a spouse, kids, or employees. And criminals deploy mobile phone spyware, as well.
Beijing-based mobile security services firm NetQin Technology reports that an application called Xwodi, which allows third parties to eavesdrop on cell phone conversations, has infected more than 150,000 phones in China. Apparently, the malware targets mobiles running the Symbian platform, and monitors phones by silently activating the conference call feature or microphone.
One security company, Trusteer, informed The New York Times, “Mobile users are three times more likely to fall for phishing scams than PC users…because mobile devices are activated all the time, and small-screen formatting makes the fraud more difficult to spot.” In the same article, another mobile security firm, Lookout, claimed that in May 2010, 9 out of 100 phones scanned for malware and spyware were infected. That’s up from 4 out of 100 infected phones in December 2009.
Protect yourself by refraining from clicking links in text messages, emails, or unfamiliar webpages displayed on your phone’s browser. Set your mobile phone to lock automatically and unlock only when you enter a PIN. Consider investing in a service that locates a lost phone, locks it, and if necessary, wipes the data, as well as restoring that data on a new phone. Keep your phone’s operating system updated with the latest patches, and invest in antivirus protection for your phone.
More consumers than ever before are buying smartphones. A smartphone is an Internet-enabled mobile phone with the ability to purchase and run applications. Smartphones are generally equipped with voice, data, Wi-Fi, Bluetooth, and GPS functions. Operating systems include Google’s Android, Apple’s iOS and Windows’ Mobile 7. Most function on a 3G wireless connection and can switch to Wi-Fi when it’s available. Newer models are being built to accommodate the upcoming nationwide deployment of 4G wireless networks.
“Worldwide mobile phone sales to end users totaled 417 million units in the third quarter of 2010, a 35 percent increase from the third quarter of 2009, according to Gartner, Inc. Smartphone sales grew 96 percent from the third quarter last year, and smartphones accounted for 19.3 percent of overall mobile phone sales in the third quarter of 2010.”
In the U.S., there are 293 million cell phone subscribers and cell phone penetration is over 93%. In 2010, more than one in four households had cell phones and no landlines, which is an increase of 2.1% over 2009. Almost one in six households use cell phones exclusively, despite having a landline. Worldwide, there are 5 billion smartphones in use.
The number of mobile broadband subscriptions surpassed the half billion mark in 2010, and in 2011 broadband subscriptions are expected to exceed one billion. As more and higher speed networks are built, more consumers will gravitate toward the mobile web. Smartphone users are downloading billions of apps and spending millions via mobile payments. In fact, for the younger generation, smartphones are used for a majority of ecommerce transactions. Many of these people haven’t been inside a bank in years!
Taking Security Measures.
As more people switch to smartphones, mobile security concerns increase. Here are a few reminders to help keep your data secure on your phone:
1) Use a PIN to lock your phone: 55% of consumers do not use a PIN to lock their phones. Mobile content is especially vulnerable to hackers and thieves.
2) Don’t store banking passwords on your phone: 24% of consumers store computer or banking passwords on their smartphones. 40% of consumers say losing their phone would be worse than losing their wallet, and two million mobile phones are lost or stolen every year. That’s one every fifteen seconds.
3) Register for a service that can remotely locate, access and wipe your phone: There are services that can remotely access a lost phone, pinpoint its location, and, if necessary, wipe the data from the phone. Now is the time to consider investing in one, before you lose your phone.
Near Field Communications, or NFC, is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase.
NFC can be used in other ways beyond credit card transactions. It can integrate with hardware, such as your car, to unlock a door. It can activate software.
Soon enough, using your phone as a credit card will be commonplace. Mobile contactless payments, in which you pay by holding your phone near the payment reader at the register, are expected to increase by 1,077% by 2015.
According to a study by Boston-based research firm Aite Group, “The gross dollar volume of U.S. mobile payments is estimated to grow 68 percent between 2010 and 2015, but the mobile payments will continue to represent only a ‘tiny portion’ of U.S. consumer spending for many years.”
Mobile payment is still in the testing phase in the United States, Canada, and other countries around the world.
Security is paramount. A new type of smartcard-based SIM is at the core of mobile payment security. It contains a small computer with its own software designed to protect the payment account information. Your credit card provider will make sure that mobile payment is fully secure, or it will not happen.
“Vishing” occurs when criminals call victims on the phone and attempt to lure them into divulging personal information that can be used to commit identity theft.
The name comes from “voice,” and “phishing,” which is, of course, the use of spoofed emails designed to trick targets into clicking malicious links. Instead of email, vishing generally relies on automated phone calls, which instruct targets to provide account numbers.
Vishing techniques include:
Wardialing: This is when the visher uses an automated system to call specific area codes with a message involving local or regional banks or credit unions. Once someone answers the phone, a generic or targeted recording begins, requesting that the listener enter bank account, credit, or debit card numbers, along with PIN codes.
VoIP: Voice over Internet Protocol, or VoIP, is an Internet-based phone system that can facilitate vishing by allowing multiple technologies to work in tandem. Vishers are known to use VoIP to make calls, as well as to exploit databases connected to VoIP systems.
Caller ID Spoofing: This is the practice of causing the telephone network to display a false number on the recipient’s caller ID. A number of companies provide tools that facilitate caller ID spoofing. VoIP has known flaws that allow for caller ID spoofing. These tools are typically used to populate the caller ID with a specific bank or credit union, or just with the words “Bank” or “Credit Union.”
Social Engineering: Social engineering is a fancier, more technical form of lying. Social engineering (or social penetration) techniques are used to bypass sophisticated security hardware and software. The automated recordings used by vishers tend to be relatively professional and convincing.
Dumpster Diving: One time-tested “hack” is simply digging through a bank’s dumpster and salvaging any lists of client phone numbers. Once the visher has the list, he can program the numbers into his system for a more targeted attack.
To protect yourself from these scams, educate yourself. Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents, and if your bank provides information about vishing online or in the mail, sit up and pay attention. As this crime becomes more sophisticated, you’ll want to be up to date.
If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.
Don’t trust caller ID, which can be tampered with and offers a false sense of security.
Call your bank and report any fraud attempts immediately. The sooner you do, the more quickly the scam will be squashed.
Document the call, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller, and report this to your bank.
Cybersquatting, simply put, is the act of procuring someone else’s trademarked brand name online. The Anti-cybersquatting Consumer Protection Act, a U.S. federal law enacted in 1999, describes cybersquatting as registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else.
Cybersquatters squat for many reasons. Some squat for fun or because they like the brand or name, while other squatters use the domain to advertise competitors’ wares, or for stalking, harassment, or outright fraud. Most cybersquatters offer to sell the domain at an inflated price to the person or company who owns the trademark contained within the domain name.
In particularly malicious cases of cybersquatting, identity thieves use a domain similar to that of a bank or other trustworthy entity in order to create a spoofed website for phishing. If the desired domain isn’t available, typosquatting is the next best option. After Annualcreditreport.com launched, more than 200 similar domains were quickly snapped up.
Computerworld discussed the havoc that cybersquatting can wreak on a brand’s reputation. Sometimes, criminals copy a brand’s entire website in order to collect usernames and passwords from unwitting visitors. The hackers then test those names and passwords on other websites. Cybersquatting increased by 18% last year, with a documented 440,584 cybersquatting sites in the fourth quarter alone, according to MarkMonitor’s annual Brandjacking Index report.
I’ve written before about the time I was accused of cybersquatting. I wasn’t, I swear! I bought myself some domains in the early 90’s, way before cybersquatting was illegal. I sold some, and regrettably gave up some others. And there was one that will haunt me until the day I die. I owned LedZeppelin.com for five or six years. Led Zeppelin was and is my favorite band, and as a fan, I bought the domain as a keepsake. I would get emails from people all over the world, saying things like, “I am Paulo from Brazil, I love the Led Zep!”
With cybersquatting on the rise, it makes sense to claim your name, your brand name, and your kids’ names as soon as possible. There are numerous new domain extensions coming out all the time. Dot Co recently launched without much fanfare, but it creates a new opportunity for criminals to hijack your brand. I just snagged “siciliano.co.” So go get your domain before the bad guy does!
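One way a brand owner can watch for the lookalike registrations described above (typosquats and copies under a new extension such as .co), shown as an added example that is not part of the original post. The brand `examplebank.com`, the observed domain list and the function names are constructed for illustration, and the domain split is naive (no public-suffix handling).

```python
def edit_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "le" typed as "el".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def split_domain(domain: str) -> tuple:
    """Naive split into (label, extension); assumes no multi-part suffixes."""
    name = domain.lower().strip(".")
    if name.startswith("www."):
        name = name[4:]
    label, _, tld = name.partition(".")
    return label, tld


def classify(candidate: str, brand: str, max_typo: int = 2):
    """Return why a candidate resembles the brand domain, or None."""
    c_label, c_tld = split_domain(candidate)
    b_label, b_tld = split_domain(brand)
    if (c_label, c_tld) == (b_label, b_tld):
        return "exact"
    if c_label == b_label:
        return "tld-swap"            # same name under another extension
    if edit_distance(c_label, b_label) <= max_typo:
        return "typo"                # one or two keystrokes away
    if b_label in c_label:
        return "contains-brand"      # brand embedded in a longer name
    return None


def scan(brand: str, observed: list) -> list:
    """Flag observed domains that imitate the brand (the brand itself is skipped)."""
    hits = []
    for domain in observed:
        reason = classify(domain, brand)
        if reason not in (None, "exact"):
            hits.append((domain, reason))
    return hits


# Constructed sample of newly observed domains for a constructed brand.
SAMPLE = [
    "examplebank.com",
    "examplebank.co",
    "exampelbank.com",
    "examp1ebank.com",
    "examplebank-login.com",
    "unrelated-shop.net",
]

if __name__ == "__main__":
    for domain, reason in scan("examplebank.com", SAMPLE):
        print(f"{domain}: {reason}")
```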