It is currently Mon Dec 11, 2017 11:21 pm

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 47 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Sun Sep 21, 2014 2:17 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
OK credit card fraud is not as fun to talk about as say zombies and firearms. But it is a real risk these days and to say it is an epidemic is to understate the problem. It is a massive business for criminals. Why walk into a bank or store to rob it, when you can simply tap their data and get all of the information you need to have good shipped wherever you want them?

This problem has been in the headlines recently and most people assume it does not affect their life unless their data is stolen so they forget about it.

http://www.usatoday.com/story/tech/2014 ... /15843181/
http://techland.time.com/2013/12/19/the ... ould-know/
http://www.accountingweb.com/article/ir ... ers/222053

Every company and organization that collects credit card, debit card and other personal information like names address and social security number is a possible source for a data breech. The .gov is no better at securing this data than Home Depot. These organizations likely go to great lengths an expense to protect the data but any system designed by humans can be defeated by humans. Nothing is foolproof.

Ok So what can you do? Some obvious points come to mind like do not give out your SS#, assume every email is a phising email and delete it, change your passwords often and pay in cash. That said there are many times when that simply does not work.

Here are some tips I like to give people.

Online Habits:
1) Many banks (& similar sites) allow you set up your user ID. Set up your user ID to as anything except your name and email address. If you do this, you can have in effect two passwords the first being your user ID. When you change your password change your user ID.

2) Passwords. I could and have written articles on password safety issues, but I will not bore you on this often discussed subject beyond saying that a pass word of letters,numbers and characters that is over 16 digits is a good place to start. Oh and no, "MyPassw0rd" is not a good password.

3) Network Habits: Do not access anything confidential on a public wi-fi system. In fact you should avoid even using a public wi-fi system for anything except maybe browsing the news. Do not assume anything on the system (especially wireless) is entirely secure. A private VPN is an added layer of protection but it is by no means secure since anyone within reception distance can intercept the data for instance.

4) Some passwords and sites are less important than others but you should always make sure any email accounts, social media accounts and similar sites with personal information are treated with great care and have a strong logon id and password, secondary sign in verification (if allowed) as well as a routine change of passwords and logon ID. It is amazing how much data you can get about a person by reviewing a month of email activity. Banks, merchant notices and all sorts of data run through your inbox. These provide a wealth of information for people engaged in nefarious activities.

5) I suggest that people get cash only from a bank ATM. Never use a privately owned ATM. In most states anyone an own an ATM. You will see these all over. You never know who owns these machines and how secure your data may be. At least with a bank ATM they must follow FDIC/FSLIC security rules (assuming of course it is a real bank ATM and not a counterfeit one).

6.) I also suggest not using a debit card in retail transactions. Since a debit card is linked to your bank account, a fraudulent use could compromise the cash in that account for days(weeks/months) that it takes to get the bank to clear up the situation. You should instead use a credit card that you pay off at the end of each month. That way any fraud impacts that card and not your bank account.

7.) I also suggest that you use one credit card for the bulk of your transactions. Have a second account set up but stick to one credit card. Then be sure to review each and every month every single transaction, seriously not fooling you need to do this each and every month.

8.) Credit Monitoring Services: If your credit card data was part of the HD or Target breech you can get free credit monitoring for a year. You should sign up for it. However you should also understand what it is. This will track only inquires, new accounts and negative data posted to your credit report. It will not prevent fraud. It simply tells you about activity and you then have to check it and determine if it is legit activity or not. It is just a means to detect the symptoms of ID fraud. It will not help clean up any issues but at least it gives you timely notice to act.

9.) Indepth Credit Services: There are several services, LifeLock is the bets known, that offer indepth services. They do not do anything that you yourself cannot do for free. That said they are very good at providing the advertised services. They can be pricey and I normally do not recommend them unless the person is a target or has had a history of ID theft. Again they are not fool poof but they do work. A caveat and the reason I do not recommend the service is because they are designed to make things like signing up for new services (CATV, cell phone, etc) impossible without your prior approval. So if you sign up for it and for instance decide that you need a phone from AT&T instead of say Sprint you not get the new service approved until you contact the company and ask them to lift the new credit hold for that transaction.

10.) Monitor your credit report and your credit score annually. You can do this for free. A couple of credit cards Discover being one now show your retail credit score each month on the statement. Now this is not your real credit score (it would take a whole other thread to discuss this) but is a reasonable estimate of your credit score. You can also get your credit report (without the score) annually for free. This will show all of your credit activity and history. You should review it for accuracy and deal with material inaccuracies as they appear.


Key Take Aways:

1) Only you can protect your personal data. Giving out less of it makes it easier.
2) If your credit or debit card was compromised and you are offered free credit monitoring sign up for it.
3) Do not use anything but Bank ATMS.
4) Use one credit card for retail and on line transactions.
5) Review the credit card/bank statement statement monthly without fail.
6.) Password are really important make sure to use them properly (min 16 characters are best).
7.) There are thieves literally all over the world looking for your data and waiting for you to screw up.


Govern your actions accordingly.

Edited to add:
I neglected to mention that I encourage anyone with information on scams or scam prevention to post and discuss these issues on this thread. :)

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Last edited by raptor on Tue Apr 07, 2015 2:08 pm, edited 3 times in total.

Share on FacebookShare on TwitterShare on TumblrShare on Google+
Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 21, 2014 3:09 pm 
Offline
* * *
User avatar

Joined: Tue Nov 12, 2013 9:00 pm
Posts: 386
Has thanked: 0 time
Been thanked: 42 times
Excellent post raptor!

One thing to keep in mind is that ID theft is no longer just a BG taking your info and impersonating you...they've started something called synthetic ID theft (actually, it's probably been around for a while, but occurrences seem to be spiking upwards these past few months). Essentially, instead of getting your name, SSN, DOB, and a few other bits of data about you and then claiming to be you when BG opens a new credit card, BG now just gets a piece of that info (an SSN or name for example) from one person, another bit from another person, and so on, and then combines them to create an entirely new identity (or they just bullshit the rest of the missing info they don't have). The problem with this is that since it doesn't have all of the correct info, it doesn't usually raise any flags for the monitoring services out there, and even if it does, it's hard to pin it down to which part of the info is real and which part is faked. A lot of the cases are not being discovered until a collections agency gets involved and starts trying to research the "offending" person, usually by SSN. Apparently this method is also used in a lot of the credit repair scams out there. Scary stuff indeed.

http://www.timesdispatch.com/synthetic-id-theft-difficult-to-unravel/article_9a00ee5f-85ad-5949-9aae-b7384f8f09a1.html
http://idtheft.about.com/od/glossary/g/SyntheticIDT.htm

_________________
Woods Walker wrote:
...I don't think it matters if a backpack has Dora the Explorer on it. Based on my observations from years of hunting and fishing if something looks and acts like prey it will draw in predators.


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 21, 2014 7:48 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
Wraith6761 wrote:
One thing to keep in mind is that ID theft is no longer just a BG taking your info and impersonating you...they've started something called synthetic ID theft (actually, it's probably been around for a while, but occurrences seem to be spiking upwards these past few months). Essentially, instead of getting your name, SSN, DOB, and a few other bits of data about you and then claiming to be you when BG opens a new credit card, BG now just gets a piece of that info (an SSN or name for example) from one person, another bit from another person, and so on, and then combines them to create an entirely new identity (or they just bullshit the rest of the missing info they don't have).
http://www.timesdispatch.com/synthetic-id-theft-difficult-to-unravel/article_9a00ee5f-85ad-5949-9aae-b7384f8f09a1.htmlhttp://idtheft.about.com/od/glossary/g/SyntheticIDT.htm


Indeed the criminals are always looking for new ways to maximize their returns.

For instance the tax refund scams targeting the IRS where really rare 5 years ago. Today it is a huge scam. The amazing part is that they are targeting and beating the 1,200 lb gorilla (The IRS) who you would think would be a tough target.

http://money.cnn.com/2013/11/07/pf/taxe ... index.html

I have assisted people defrauded in such scams and it is a real nightmare for the victim to clean up.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 21, 2014 9:27 pm 
Offline
* * * * *
User avatar

Joined: Wed Feb 10, 2010 8:16 pm
Posts: 11342
Has thanked: 71 times
Been thanked: 574 times
That is all really sound advice.

You really need to guard that SS# for you and your family. The other day I came across a case of a 20 year old woman who had only been working for a year getting a demand letter from the IRS for unpaid taxes on work she performed 8 years ago when she was 12. They said she had made $30K as a factory worker. Someone was using her number to work and never paid any taxes or withheld any. Sloppy parenting I think.

Some other things that will keep you out of trouble:

- Never give out your credit card number to anyone on the phone who calls you. If you call them make certain it is them.

- If someone calls you to tell you that you "won" something; you probably didn't and should assume it is a scam. When they ask for a credit card number, bank account #, SS#, Greendot money card or whatever then you can be certain it is a scam. Hang up and block them.

_________________
"Big Thanks - I promise to advance your agenda within the secret and omnipotent councils of the Trilateral Commission"

“No-one likes us, we don’t care.”


Top
 Profile  
Reply with quote  
PostPosted: Sun Sep 21, 2014 11:01 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
Stercutus wrote:

You really need to guard that SS# for you and your family. The other day I came across a case of a 20 year old woman who had only been working for a year getting a demand letter from the IRS for unpaid taxes on work she performed 8 years ago when she was 12. They said she had made $30K as a factory worker. Someone was using her number to work and never paid any taxes or withheld any. Sloppy parenting I think.

Some other things that will keep you out of trouble:

- Never give out your credit card number to anyone on the phone who calls you. If you call them make certain it is them.

- If someone calls you to tell you that you "won" something; you probably didn't and should assume it is a scam. When they ask for a credit card number, bank account #, SS#, Greendot money card or whatever then you can be certain it is a scam. Hang up and block them.



Also good advice.

SS# for kids are especially useful to scammers and illegal aliens using the number for employment purposes.
It is a valid number and if done properly the crime may not turn up for years as in the above case.

A while back I was involved with a company that acquired another company that had hired a bunch of illegal aliens and they were using bogus SS# to get past the I-9 process. It was uncovered when our payroll audit detected several people using the same SS#. The auditors assumed the database had been compromised or were keyed incorrectly. They were not. These earnings were reported to the feds (as dictated by law) and someone had to pay income taxes on these earnings.

I wondered at the time whose kid was going to get stuck cleaning up that mess.

BTW we reran all SS# and terminated a bunch of people who could not provide a legitimate SS#. We follow the law to the letter.

It is actually relatively easy to clear up fraudulent debt for scammed minors. A birth certificate is a convincing argument.


As for phone calls never talk to them but rather tell them to note the call on the account and that you will call them back. Then call back the bank (or whomever)from the number that you have on file not the one they will want to give you. Start off the call by explaining the previous caller and ask if they have noted the previous conversation.

Emails now are at the point where I respond only to people I know. I have seen some really good phising emails. They look very real. Many firms now allow you put in a recognition phrase that they will put in the body or email header. If they offer that service use it.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Mon Sep 22, 2014 1:28 pm 
Offline
ZS Donor
ZS Donor
User avatar

Joined: Sun Aug 17, 2008 2:13 pm
Posts: 881
Location: Troy, Idaho
Has thanked: 15 times
Been thanked: 7 times
Quote:
10.) Monitor your credit report and your credit score annually. You can do this for free.


There are probably multiple sites to do this at, but I have used https://www.annualcreditreport.com/index.action in the past. This will not protect you, but rather allow you to fix a problem after the fact.


Top
 Profile  
Reply with quote  
PostPosted: Mon Sep 22, 2014 3:32 pm 
Offline
* * * * *
User avatar

Joined: Tue Nov 06, 2007 10:47 pm
Posts: 1362
Location: Kentucky
Has thanked: 12 times
Been thanked: 43 times
We signed up for a paid credit monitoring service, mostly because our son was leaving home for good to start a job on the west coast. Great kid; heart of gold and a head of cement. Long story short, the service picked up several credit checks and SSN checks and we were able to forestall a bad rental agreement, a student loan for 'training' that would have gone to the company he was supposed to be working for and the trade-in of a car we'd bought for him. Sadly, the promised job fell through and he's back home. I don't know how much money we saved (we would have bailed him out) but it has paid for itself already.

What the service won't pick up is an experience we had with Joe's Crab Shack in Louisville, KY. Within 24-hours of eating there and using our credit card to pay, someone was buying $99.99 of gas at a time at Walmarts all over Florida. The first time it happened I had no reason to connect the two events. After the second time, I contacted Joe's corporate HQ to let them know what was going on at their Louisville affiliate they weren't the least bit interested and I was told, "You can't prove it!" No, no I can't, but I can tell everyone on the internet what happened.

Both times, luckily, my credit card company, USAA, recognized the Walmart sales as obvious fraud, canx'd the card and refunded the money. They even nicely Fedex'd new cards to me at no charge. Security at USAA is pretty tight; I travel overseas quite a bit for work and have to call them every time and let them know not to freeze transactions when they see charge from strange places.

_________________
crypto wrote:
It's not that you were being "harsh" so much as a "douchebag".


Top
 Profile  
Reply with quote  
PostPosted: Mon Sep 22, 2014 5:10 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
Restaurants are credit card fraud hot spots. It is one of the few places where you give the credit card to someone who walks away with it and is out of your sight for an extended period of time. A blue tooth credit card reader is available on line for under $20 and that (and s smartphone) is all that person needs to read the magnetic strip on your credit card.

http://www.ebay.com/itm/Magtek-Bullet-M ... 20ea9dad48

Image

This is unfortunately very common.

That said this type of fraud may also occur because the merchant's data was compromised. Target and Home Depot are examples but a lot of small mom & pop businesses do not have a huge IT budgets and they may assume their networks are secure but in fact they are not. If Target, Home Depot and the IRS can be "pwned" what hope does mom & pop have or even the Landry family (Joe's Crab Shack's owner) have to do anything except detect the damage after the fact?

This restaurant in NOLA was a thriving and popular new place. Its network was compromised. Five of my friends ate there and used a credit card to pay, 100% were subsequently used for fraudulent purposes.

http://www.nola.com/business/index.ssf/ ... _says.html

The restaurant is using IPads to place orders and process POS transactions wirelessly all the while their POS system was compromised. The ironic part is the wireless POS system was used so that the credit card would not be out of site of the customer in an effort to discourage credit card number theft. When the news hit the paper, their business is still trying to recover due to the fact no one wants to risk a credit card there.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 02, 2014 4:30 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
Yet one more data breech. This one from JP Morgan.

http://www.cbsnews.com/news/jpmorgan-ch ... ased-bank/

The sad part for us is this is that we as consumers cannot prevent this type of data breech. We can only monitor our accounts after the fact.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 02, 2014 5:04 pm 
Offline
ZS Member
ZS Member

Joined: Tue Sep 23, 2014 10:33 am
Posts: 92
Location: West Linn, OR
Has thanked: 24 times
Been thanked: 38 times
I use a free website called Mint (mint.com) to watch for unauthorized credit card charges. Charges to my credit card get posted almost immediately, so once a day or so I pop in and look for anything suspicious. I caught one compromised card that way -- got it even before the credit card company did.


Top
 Profile  
Reply with quote  
PostPosted: Fri Oct 31, 2014 10:15 pm 
Offline
* * *
User avatar

Joined: Thu May 27, 2010 1:34 am
Posts: 410
Location: East Central Iowa
Has thanked: 43 times
Been thanked: 10 times
To add to point #6 (don't use debit on retail transactions), banks actually prefer that you use your Debit card as credit. It doesn't cost the bank nearly as much money to process a Debit card transaction when the card is run as credit. In fact, I went in last week to change the address on my account, and they switched me to a checking account where they encourage the use of the debit card as a "credit" transaction. It saves them so much money that, instead of paying them 3 bucks a month for the account, they pay ME 5 bucks a month as long as 10 of my debit card transactions are run as credit instead of debit.

Also, do your research on how banks handle fraud with debit cards. I've had my debit card number stolen THREE times, I do a LOT of online shopping so it doesn't surprise me. In all three instances, my bank's fraud detection called me within an hour of each fraudulent transaction to see if it was me, and upon finding out it wasn't, worked with me to have a new card setup but still have access to cash withdrawals at an ATM until the new card could be picked up. In one instance I was 1200 miles away in Colorado on my honeymoon when they called. In a single 4 minute phone call, they deactivated the card number, the ability to process Point Of Sale transactions, and upped my cash withdrawal ATM LIMIT so I could still take cash out for the remainder of the trip and not run low on available funds because of the card being shut down, or hit my daily withdrawal limit because my card couldn't be used. In each instance of fraud, I had several hundred dollars fraudulently used, but my bank protected me and I was not responsible for any of the fraudulent charges.

I haven't bothered to ask how their fraud detection works, but it definitely does. It seems to be based off the physical ability to be able to travel from point a to point b in a given time period. Since I was using my debit card in Colorado (or Iowa, where I live), some algorithm must tell them that it would be physically impossible for me to also use the same card for a Point Of Sale transaction within X Amount of miles within X amount of time, in the case of me being in Colorado someone was using it to buy train tickets in France. Obviously a plane ride from Colorado to France would take at least X amount of hours and they used it before that time was up or something like that. They even called me after I've flown from IA to AZ and used the card right before departure then right after landing just to make sure it was me.

_________________
BobtheBreaker wrote:
Paramedics must have been pissed! trying to lift that guy onto the gurney with his massive brass stones weighing everything down.

Heks wrote:
engagement ring.... is that a MOLLE accessory?


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 10, 2014 3:47 am 
Offline
* *
User avatar

Joined: Sat Dec 17, 2011 12:38 pm
Posts: 218
Location: USA, Midwest (edge of the Great Plains!)
Has thanked: 22 times
Been thanked: 8 times
Thanks Raptor! I wish there were more threads like this, dealing with genuine high risk issues, instead of the the less than one in a billion PAW wet dreams. ;)

I highly recommend Brian Krebs' cyber security blog. He's a journalist, not-an-engineer, and does a superb job of explaining stuff in Muggle-friendly language. He has earned the respect of the cybersecurity community, and often gets insider tips. He has excellent coverage of ATM/etc skimmers, and other common credit/debit exploits.

He recently did a write up on a successful attack against the faux-silver-bullet "chip" cards:
http://krebsonsecurity.com/2014/10/repl ... d-charges/

And here's another, more general article with interviews:
http://krebsonsecurity.com/2014/10/chip ... signature/
In that, here's a fracking scary quote from a professional implementing this (underline added by me):
Quote:
As I was doing my chip-and-PIN research earlier this year, there was one issuer that said quite bluntly, “We don’t really think we can teach Americans to do two things at once. So we’re going to start with teaching them how to dip, and if we have another watershed event like the Target breach and consumers start clamoring for PIN, then we’ll adjust.” So the issuers I spoke with wanted to keep it simple: Go to market with plain vanilla, and once we get this working, we can evaluate adding some sprinkles and toppings later.

Bottom line: Don't assume a "chip" card is 100% safe.

_________________
Pro : cake & pie, Kaywinnet Lee Frye's response to the Apocalypse
Anti: rage trolls, nanny squad, oaf & bigot squad, PAW boys, spammersImage


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 10, 2014 1:30 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
Honeypot wrote:
Bottom line: Don't assume a "chip" card is 100% safe.


I would note that any system designed by humans and requiring humans to use it can and eventually will be compromised in some manner or form. The chipped cards do not add additional security to online transactions or help the merchant store the data safely. They are good for retail transactions however.



You can add the USPS to the list of merchants who have been hacked.

http://www.cnn.com/2014/11/10/politics/ ... index.html

Quote:
Hackers recently broke into a U.S. Postal Service computer system and stole personal data, including social security numbers, for 750,000 employees and retirees, a U.S. official familiar with the breach told CNN on Monday.
The breach also compromised the data of 2.9 million postal service customers, the official said.
The Postal Service acknowledged the breach in a statement Monday but didn't provide details.
A USPS statement said: "The Postal Service has recently learned of a cyber-security intrusion into some of our information systems. We began investigating this incident as soon as we learned of it, and we are cooperating with the investigation, which is ongoing. The investigation is being led by the Federal Bureau of Investigation and joined by other federal and postal investigatory agencies. The intrusion is limited in scope and all operations of the Postal Service are functioning normally."



Target, Home Depot, Sears, JP Morgan just to name a few who have also been hacked. The sad truth here is there really is no way to keep your account information safe against events like this. It is out of your control.

The only defense here is use a specific and separate email account for your online activities and not store credit card information with the merchant.

You should make a point of using one credit card (not a debit card) for all online activity and most important check and reconcile the credit card statement monthly. This will allow you to detect credit card fraud faster.

The reason to use another email account is that the bets way to get steal your id is to review the emails coming to your address. It tells the crooks which merchants and banks with which you deal.

Extra email accounts are easy and most let you forward the emails to your main email account. Thus for instance if you use johndoespamaccount@ gmail.com for all of your online purchase notices and have that account forwarded to your main email account and do not save the forwarded messages; if it is compromised, there is not a lot to see in the account.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 10, 2014 1:50 pm 
Offline
* * * * *
User avatar

Joined: Sat Nov 03, 2012 5:41 pm
Posts: 3226
Location: Central Cascadia
Has thanked: 132 times
Been thanked: 268 times
Fantastic post Raptor!

I would like to add for those of us that travel international either for pleasure or for business, should take extra care as well. Four of the five times I've had fraud has been from international travel. Because of that I've talked with my credit union and have a debit/credit card that I only use for travel. I never keep money in it, when I travel I transfer a couple hundred dollars to it. When that runs out I transfer a few hundred more. There's nothing worse than being in an Eastern Block country, having your bank account stripped, having to use your cell phone to call your bank, being on the phone with them for over an hour, then finally being told that they will give you $200 of your own money for the next 2 weeks. Good thing it happened in an Eastern Block country because the $200 last nearly that long. haha

_________________
JeeperCreeper wrote:
I like huge dicks, Halfapint, so you are OK in my book.... hahaha
Spazzy wrote:
Tell ya what... If Zombies attack and the world ends I'll hook tandem toddlers to a plow if it means I'll be able to eat...


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 10, 2014 2:46 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
That is also another way to do it. The problem with that however is the link to the bank account. If the link is set up via the card and not at the bank level (some are, some are not) the fraudster could have the bank transfer more funds.

Also you have to fight to get your money back while with a credit card you hold the funds and the bank holds the fraud. That said the way you do it is a great way to avoid conversion fees when you convert funds. This way you can simply go to a local atm and pull out funds which a lot safer than walking around with a lot of cash. You can also avoid foreign transaction fees (although many CC also offer this feature).

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Thu Nov 13, 2014 1:05 pm 
Offline
*
User avatar

Joined: Mon Aug 04, 2008 6:30 am
Posts: 52
Location: Maryland
Has thanked: 0 time
Been thanked: 0 time
Don't forget to set up usage alerts on your existing CC accounts. These can help you catch unauthorized use of your account quickly.

_________________
Common sense in an uncommon degree is what the world calls wisdom.
-Samuel Taylor Coleridge


Top
 Profile  
Reply with quote  
PostPosted: Thu Nov 13, 2014 1:30 pm 
Offline
ZS Member
ZS Member

Joined: Thu Feb 14, 2013 4:10 pm
Posts: 922
Has thanked: 65 times
Been thanked: 48 times
Sinzitu wrote:
Don't forget to set up usage alerts on your existing CC accounts. These can help you catch unauthorized use of your account quickly.



If you set these up, make sure you notify the card company when you travel, so you don't get a declined card for no reason other than you are 1,000 miles from home...ask me how I know. :oops:

_________________
"If you are prepped for pandemic flu, you are more than prepped for Ebola. And pandemic flu is hella more likely, that's the one that scares me, personally." - Duodecima...and she's a freaking doctor. What are you?


Top
 Profile  
Reply with quote  
PostPosted: Thu Nov 13, 2014 6:06 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
Email alerts are a great idea.


Murphman wrote:
Sinzitu wrote:
Don't forget to set up usage alerts on your existing CC accounts. These can help you catch unauthorized use of your account quickly.



If you set these up, make sure you notify the card company when you travel, so you don't get a declined card for no reason other than you are 1,000 miles from home...ask me how I know. :oops:



I think you are confusing email alerts with CC limits. The alerts will either email or text you with notices of say transactions over a a limit that you set (for instance $300) or a credit card balance that exceeds a set limit (for instance $1,000).

I have all of my credit cards set to email or text mail me if there are charges above prescribed limits, if it hits a balance limit, a payment is due or a payment is late.

You should likewise do this for your checking account if it is offered.

Now what Murphman is describing is a limit and not all CC companies let you do that. However, most will let you set a "no international charges" limitation if you ask them to do so.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Sat Dec 27, 2014 6:29 pm 
Offline
ZS Global Moderator
ZS Global Moderator
User avatar

Joined: Fri Aug 10, 2007 6:33 am
Posts: 3602
Location: Hampshire, England
Has thanked: 2 times
Been thanked: 78 times
Honeypot wrote:
And here's another, more general article with interviews:
http://krebsonsecurity.com/2014/10/chip ... signature/
In that, here's a fracking scary quote from a professional implementing this (underline added by me):
Quote:
As I was doing my chip-and-PIN research earlier this year, there was one issuer that said quite bluntly, “We don’t really think we can teach Americans to do two things at once. So we’re going to start with teaching them how to dip, and if we have another watershed event like the Target breach and consumers start clamoring for PIN, then we’ll adjust.” So the issuers I spoke with wanted to keep it simple: Go to market with plain vanilla, and once we get this working, we can evaluate adding some sprinkles and toppings later.

Bottom line: Don't assume a "chip" card is 100% safe.

I'm still struggling to get to grips with the idea that the US has got chip cards but you're not using the PIN part :?

We've been chip-and-PIN for credit and debit cards here in the UK for ~10 years now and it works a treat. My debit card is also my ATM card, so it needs a PIN anyway; my credit cards (I have two, one Visa one MC) had PINs for ATMs and which now get regular use with the chip card POS readers. According to the UK payments industry figures I just Googled, lost/stolen and cloned card fraud is down by roughly half from 2003/04 when chip-and-PIN was rolled out. OTOH customer-not-present fraud is up by more than double.
http://www.financialfraudaction.org.uk/ ... tions/#/8/

I've also got a contactless payment "card" (one of these) which opens up a whole new vulnerability but as it's a prepaid MC and it only ever has £20 (~US$30) or so on it, to my mind it's no more of a risk than carrying cash.

_________________
Be Pure!
Be Vigilant!
Behave!


Member
ZSC:010 - UK Chapter
My EDC / GHB (needs updating)
Foundation licence holder - Mike-Six-mumble-mumble-mumble.


Top
 Profile  
Reply with quote  
PostPosted: Sat Dec 27, 2014 7:08 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
The US retail system is at least a decade behind the rest of the world. Why? Because it costs money to upgrade POS systems and the credit card customers (who are the retailers and not the users) have avoided it thus far.

We are seeing this change but slowly. I think the recent high profile POS hacks may help but honestly the chip and PIN system does no good if the store's POS is compromised. This is what has happened in the recent hacks.

Any computer system that has humans in the loop somewhere can be defeated. However many of the recent hacks have been too easy and went undetected too long by the merchants.

The truly scary part about this is that there is not a thing a customer can do (other than pay cash) if the merchant POS and its data has been compromised. Even if the chip/PIN is used, the data must be stored long enough to verify the transaction and if the system is compromised so is your data.

This is why you need to check your statements every month without fail.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Tue Mar 17, 2015 9:55 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
As if there is not enough risk to your personal data recent data breaches have targeted a new source of this data, your health insurer.

http://healthitsecurity.com/2015/02/05/ ... ii-of-80m/

The recent attack directed at Anthem potentially compromised the data of 80 million people. The breach is still being investigated but there is no doubt that there will be more attacks of this kind. In addition to your personal information the other reason to compromise your data is to access your health care benefits at your cost.

In this case the ID thief would run up medical services or get drugs all at your expense. This you have two things to track, your credit reports as well as your health insurance benefits statements.

One of the other risks is that the person who steals your medical history can change key things in your medical profile. Blue Cross lists these as risks.

Quote:

Receiving the wrong blood type if you ever need a transfusion;
Getting a medication you're allergic to;
Being refused medication or therapy because your medical history shows you have an allergy to it;
Difficulty getting life or health insurance; and
Endangering your employment if substance abuse is listed.


https://www.bcbsal.org/web/fraud/theft.html

So be aware of this risk.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Tue Apr 07, 2015 2:07 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
It is tax scam season.

People locally are getting phone calls from "IRS agents" 1) Claiming your tax refund is being held up pending a verification call and proof of ID which must include your social security number. 2) Your taxes are delinquent and an arrest warrant has been issued that can only be cancelled by an immediate payment of "x" amount with a prepaid gift card. 3.) My favorite. Your tax return was damaged in processing and they need you to provide your name, address and social security number so they can correct their records.

As I am sure most people know the IRS uses the US mail for such correspondence. If you get a phone call from someone claiming to be an IRS agent absent any correspondence; it is a scam.

If you get such a call feel free to have some fun with the scammers. :mrgreen:

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
PostPosted: Tue Apr 07, 2015 3:25 pm 
Offline
* * * * *
User avatar

Joined: Wed Feb 10, 2010 8:16 pm
Posts: 11342
Has thanked: 71 times
Been thanked: 574 times
Let us not forget the good old "tax reparations" scams for being the descendent of a slave or a tribal Indian. Those never get old.

_________________
"Big Thanks - I promise to advance your agenda within the secret and omnipotent councils of the Trilateral Commission"

“No-one likes us, we don’t care.”


Top
 Profile  
Reply with quote  
PostPosted: Tue May 26, 2015 11:12 pm 
Offline
ZS Moderator
ZS Moderator
User avatar

Joined: Sun Mar 04, 2007 10:18 pm
Posts: 15643
Location: Greater New Orleans Area
Has thanked: 843 times
Been thanked: 473 times
Speaking of tax scams, even the IRS is not exempt from data breaches

Now this is not a traditional data loss in that the data thieves had to have a fair amount on the people that had their data compromised. They are also playing the long game in that this will allow them to file fraudulent returns next year.

http://news.yahoo.com/irs-commissioner- ... iness.html



Quote:
(Reuters) - Tax return information for about 100,000 U.S. taxpayers was illegally accessed by cyber criminals over the past four months, U.S. IRS Commissioner John Koskinen said on Tuesday, the latest in a series of data thefts that have alarmed American consumers.

From February to May, attackers sought to gain access to personal tax information 200,000 times through the agency's "Get Transcript" online application, which calls up information from previous returns, he told a news conference. About half of those attempts were successful.

The breach did not affect any IRS data outside the "Get Transcript" application, and the agency said it would strengthen its security measures.

Koskinen said he could not comment on who the attackers might be, and a criminal investigation was ongoing.

"We're confident these are not amateurs. These are actually organized crime syndicates that not only we but everyone in the financial industry are dealing with," Koskinen said.

The data theft was largely intended to steal taxpayers' information to submit fraudulent returns next year, he said.

The agency currently believes that fewer than 15,000 fraudulent returns were processed as a result of the breach, likely resulting in refunds of less than $50 million.

The IRS security problem is the latest in a string of breaches. JPMorgan Chase as well as mega-retailers Target and Home Depot have all suffered cyber attacks.

The IRS data theft differs in that it did not involve a computer hack. Criminals used information they had gathered about individuals to access the system as it was designed to be used, the IRS said.

The agency, which will begin to send notification letters to affected taxpayers this week, will provide free credit monitoring and protection for the victims.

Koskinen said the attackers must have had a significant amount of information already about the taxpayers.

In addition to names, addresses and Social Security numbers, the attackers would have needed so-called "out of wallet" data, personal information such as a person's first car or high school mascot, he said.

Koskinen said it was possible that identity thieves could get answers to these questions from individuals' social media accounts and compile them into searchable databases.

Koskinen said the tax agency was originally alerted to the problem by unusual activity in mid-April, which marks the end of the annual tax-filing season.

_________________
Duco Ergo Sum

Link to ZS Hall of Fame Forum
ImageImageImage


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 47 posts ]  Go to page 1, 2  Next

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group