Tag Archives: atm

Online Holiday Shopping 2016 – Security Basics

canstockphoto31830688Twice a year scammers crawl from underneath rocks and other nasty places to celebrate special holidays. First, tax season, then the holiday season. African-Americans using the Internet for holiday shopping need to be on guard against cyber crime.  Being aware of the scams and hazards can make a big difference in your holiday celebrations. 

The African-American Cyber Report is offering black people another season of valuable safety information to protect your holiday season so lets get started.

 

Card Skimming

Card skimmer courtesy of BBB.org

Card skimmer courtesy of BBB.org

Card skimming is actually pretty simple. Your credit or debit card information is copied when you swipe your card at a retailer or ATM. Cyber thieves install almost invisible devices or special software on retail card readers. This allows them to duplicate your card and steal your PIN. Its as simple as that. So how do you protect yourself?

First of all if something does not look or feel right stay way. For example is the face of the card reader loose or does it look kind of sloppy? Exposed glue or loose fitting parts? Do the buttons require more effort than normal to press? Does your card have to be swiped several times to work properly. Here’s a trick; pull or tug at the face of the reader. It may come off in your hand. Do the same at ATM’s. Check those buttons. Try to move them or lift the key pad. Check the card insert. Pull on that. Check to see if there is something in the slot or protruding from it. You have got to be alert! If you find any of these things notify the retailer and your bank if you have used it.

If possible use your credit card and not your debit card. It is extremely hard to get your money back from a bank debit card. But a credit card transaction can be cancelled and you will normally not be charged. Skimmers can be found anywhere even at Walmart.

RFID Card Protection

paypassThis is less likely but does happen. Your credit and debit card are sometimes equipped with a feature allowing you to charge things with a quick tap of the card on the pay terminal. You may have one of the cards with brands like PayPassExpressPay, or PayWave.

These cards have RFID (radio frequency identification) chips. With the right equipment criminals can scan your card and steal your card’s data. Protect your card by using a RFID blocking sleeve, or an RFID wallet available online at retailers like Amazon.

But as we said before this is not likely. An RFID reader has poor range so the scammer would have to be standing awfully close to read your card. Keep that in mind when you are fighting that crowd on Black Friday. 

 

EMV or Chip Cards Safety

chipcardYou should by now have the credit card with the EMV chip embedded in it. If not contact your bank or card provider and ask for it. That chip is used to encrypt the transaction data when you charge something. 

The objective of card chip was to reduce card fraud. This technology is not perfect. Some retailers have failed to switch to EMV even though the deadline passed in 2015.  Why? Retailers and customers complain that the process is too slow. Chip cards have reduced point-of-sale fraud. But the crooks have worked around it. The latest hazard is fraudulent “card-not-present” transactions online. Criminals can obtain the credit card number, security code, expiration date from criminal websites that sell this information. Personal information like your dog’s name or your mother’s birthday can be found on Facebook. They use this information to hijack your online accounts. That’s what happens when you put too much of your business online.

 

Tech Support Scams


tech-support-scam-popupNew tablets, laptops, smartphones and big screen televisions are big sellers on Black Friday. Tech support scams are common all year round but the efforts by scammers increases during the holidays. 

These scammers are intent on getting you to pay for support or software you don’t need or simply doesn’t exist. This includes extended warranties. They email you with a sales pitch or issue warnings from what appears to be a Microsoft representative. Be aware! Anti-virus companies do not call you to let you know you have a computer virus. Don’t ever agree to let anyone access your computer from a remote location. Don’t download any software online that you are not sure of. If you don’t have the expertise to know then consult a professional.

Computers often come with a ton of useless software or games. This is known as bloatware or crapware. Be careful! These programs can cost you money. They often entice children and adults to buy things without them even realizing it.

 

Phony Bank Calls

During the holiday season you are using your bank and debit cards more often. Beware if someone claiming to be your bank or credit card company calls you. Remember when it comes to your money you should be asking the questions.

Scammers will call victims claiming to be investigating card fraud or suspicious activity. They will ask questions that reveal your personal information like your credit card number or PIN. Don’t answer these questions. Hang up and call your bank from a number you know. Or stop by in person. These scammers are professionals at alarming you and getting you to reveal information used to rip you off.  When it comes to your money only deal with people you know and trust. Never, ever reveal any personal information to a voice over the phone.

 

Email and Phishing Scams

Image courtesy of David Castillo Dominici, freedigitalphotos.net

Image courtesy of David Castillo Dominici, freedigitalphotos.net

Be careful where you click! Be extremely cautious about clicking on or downloading coupons in your email. It may be ransomware. This is a malicious software program that locks up your computer until you pay to get it released. It happens a lot and is one of the hottest computer scams going on right now.

Clicking on the wrong email may release malware on to your computer that steals information, monitors your activity and changes your settings. It may even secretly take control of your computer and email itself to all your contacts. Understand that scammers can duplicate an email from Macy’s, Walmart and any other major retailer. Check the return email address to make sure you know who its from. Check the retailers website for information regarding sales, coupons and possible scams. 

Be careful about holiday contests. When you fill out a contest form you maybe giving out personal information. Same for holiday coupons that ask for your name, email address and other personal information.

This holiday season; Be Alert! Be Aware!

 

 

 

Celebrity Cyber Report – Mike Tyson

Iron MikeFormer heavyweight boxing champ Mike Tyson has jumped into the Bitcoin game. You might remember the mountains of money that boxing legend George Forman made by endorsing an electric grill? Well Iron Mike is using that strategy by endorsing an app based Bitcoin wallet and ATM.

Bitcoins are a digital currency that is created and held electronically. Unlike hard currency such as the dollar or Euro, there is no controlling authority and its completely untraceable. Bitcoins are produced by people, and by more and more businesses, running computers all around the world using software that solves mathematical problems. Solving these problems results in the creation of a Bitcoin. That’s Bitcoin in a nutshell. To learn more about Bitcoins check out this article.

Tyson is endorsing Bitcoin Direct, a subsidiary of Connexus Corporation. In a separate deal Tyson previously announced another partnership with this company  which is making Bitcoin ATMs more widely available.

This new app based digital wallet is designed to introduce Bitcoins to smartphones. Users of smartphones  will be able to buy and sell Bitcoins through the app. The app will set certain thresholds for minimum amounts, letting the user quickly confirm payments over the platform and reducing the risk of losing their Bitcoins through a glitch or hacking.

Tyson admits he is no expert on the digital currency and neither was George Foreman a chef. So Like George, Iron Mike is bringing his name, fame and facial tattoo to the company.

Pay-at-the-Pump Skimming on the Rise

gas pump skimmer tape

Security tape on gas pump card reader


Security experts are warning of a rise in skimming attacks at gas stations. Millions of
African-Americans use self-service gas pumps everyday and could be vulnerable to skimming attacks.

Skimming attacks are expected to rise significantly between now and the end of 2016 because of the change to the new EMV or PIN and Chip cards. Criminals are targeting self-service terminals at gas stations and ATMs because they are not yet using the new card technology.

Financial fraud expert Avivah Litan said, “Unattended, and especially older, self-service gas pumps are, and have always been, a very attractive target for criminals. And they will become increasingly attractive, as these will be some of the last payment acceptance devices to be upgraded to EMV in the U.S.”

Although the EMV fraud liability shifted for physical point-of-sale devices in the U.S. this past October, the liability shift for self-service gas pumps does will not be implemented until October of 2016 for MasterCard and October 2017 for Visa. October 2017 is also the date set by both card brands for EMV fraud liability shifts at U.S. ATMs.

Experts have been expecting a shift in card fraud as a result of the new EMV cards. They are warning consumers and retailers that gas stations and convenience stores should at least require customers to use their zip codes to authorize payments. This practice dramatically reduces card fraud.

Security executives are warning retailers to step up physical security at the pumps to reduce the opportunity for criminals to install skimmers.   “To place the device on the pump, the fraudster needs access to inside the pump door, so from my perspective, better physical security is needed,” the executive says. “From some of the devices we have seen placed, they are on the pumps for several days, if not a few weeks; and in cases of Bluetooth or Wi-Fi enablement, to download the data, the devices may be left on longer, as to not risk capture or removal.”

To avoid gas pump skimmer follow these steps;

  • Examine the card slot closely. Wiggle or tug on the slot to make sure it is secure.
  • Check security seal on the card slot.
  • Look for signs of tampering such as broken lock on the cover.
  • Use cash whenever possible.
  • Use a credit card rather than a debit card.
  • If you must use a debit card select the option on the screen that allows you to have your debit card purchase processed as a credit card transaction.  Don’t use your PIN  which is what the bad guys need to withdraw cash from your account at an ATM.
  • As always monitor you bank account and card transactions closely.

Now you know.

 

 

How Safe is that ATM?

Remember the good ol’ days when ATM security meant making sure you didn’t get mugged. Well those days aren’t exactly gone. You still have to be careful. But the crooks are now using card skimmers, fake keypads and other devices to rob you. So how safe is that ATM?

Card skimmer courtesy of BBB.org

Card skimmer courtesy of BBB.org

ATM security nowadays means understanding how criminals are using technology to rob you. Its time to learn their methods and technology.

 

 

 

 

Remember that ATM machines do not have to belong to a bank or any financial institution. The can be privately owned by a person or business. There is even an organization of private ATM owners known as the National ATM Council. And you can find websites that show you how to set up your own network. Would you like to buy your own ATM? It’s that simple.

viral4real.com

Fake ATM key pad Courtesy viral4real.com


So how do you spot a fake or suspicious ATM?

  • Avoid standalone ATMs in suspicious locations. Be alert to brand names you are not familiar with.
  • A legitimate ATM machine is very secure. Since they contain cash they will be bolted and secured to a wall or floor. Free standing ATM machines that can be easily moved are to be avoided.
  • Clever criminals will sometimes place their crooked ATM next to a legitimate ATM then place an out of order sign on the legitimate one. That could indicate that the one with the sign may actually be the working ATM.  The out-of-order sign could trick you into using the criminal’s machine. Be aware!
  • Check the card slot and key pad. Is either loose or out of place?  That ATM may have been tampered with.  Check the card reader slot and key pad by trying to remove it. Yank or pull on it. It may come off in your hand. If so you have found a skimmer.  Legitimate ATM machines don’t have loose or removable parts.
  • Look for a micro camera or any other out of place device used to record your PIN.
  • Look for ATM machines with open or loose side panels or broken locks especially at drive through ATMs. Don’t use it and report a suspicious ATM to the bank immediately.
  • Check your balances daily and make sure there are no suspicious charges related to ATM use. Report any strange activity immediately.
  • Report suspicious activity around an ATM machine to the police.

Now you know

Watch Out For Card Skimmers

Watch out for card skimmers. African Americans need to be on the look out for trouble no matter where they are. And using your credit or debit card is no different. Card skimmers are sneaky little devices that can hide on an ATM machine, gas pump or anywhere you use your card.  Krebs On Security has an excellent article about card skimmers and everything you need to now about them.

But what you want to know is how to avoid them. It is possible to spot a card skimmer and avoid getting robbed. And like a lot of things in the cyber world African-American should educate themselves to whats happening.

Lets start with what a card skimmer really is. A credit card skimmer is a portable electronic device that easily attaches to the front of or on top the actual scanner on ATMs, gas pumps, or any standard card reader. Point of sale or POS devices your see in stores are also card scanners. The skimmer is programmed to passively record your card data when you insert your credit card into the real scanner.

These skimmers are temporarily attached to gas pumps, ATMs, or other point of sale terminals. Thieves  like gas pumps and ATMs for two simple reasons. They are easy to retrieve and they get a lot of traffic. A thief needs only seconds to attach the skimmer and just as quickly can retrieve it.

Over the years skimmer  technology has become cheaper and more sophisticated as have the thieves. Thieves have used skimmers in concert with tiny cameras to record your PIN number along with the data on the magnetic strip. If they don’t use a camera thieves have gone as far as to attach  another key pad over the legitimate one to capture your PIN.  The fake pad records your PIN number while passing your PIN to the real keypad beneath it. Now let me teach you how to avoid this cyber scam.

First of all, and this is pretty simple, avoid any ATM, gas pump or other POS that does not look right. Trust your instincts because some gas stations are shady to begin with and anyone can set up their own ATM machine anywhere. You don’t have to be a bank. Bet you didn’t know that? If it doesn’t look right then keep it moving.

 Inspect that card reader and the PIN pad thoroughly.

Pull on it. Try to take it off. It may come off in your hand. Skimming devices are designed to be temporary so they can be easily removed by a thief. They often simply just walk by and snatch it off in an instant.  Check and see if it looks like the other card readers and key pads. Banks and merchants understand that skimming is on the rise. Some might have a picture of the slot and pad so you can see what it looks like. But I wouldn’t trust that either. Some really bold thieves have replaced the entire front of the ATM!

To see what some skimmers look like check out these examples of card skimmers so you’ll have an idea of what to look for.

I said earlier that skimming technology is advancing. Now thieves are using Bluetooth skimmers. These wireless devices connect directly to the pump’s or ATM’s power supply, and include a Bluetooth chip. The device transmits the card and PIN information to the thieves wirelessly. Thieves just pull up to the pump or ATM and download the information directly to a laptop.

Avoid using your PIN number at the gas pump.

When paying at the pump with your debit or credit card you sometimes have the option to use your card  as a credit or debit.  Choose the credit option.  This allows you to avoid entering your PIN for a camera to see or a phony keypad to record. And always, always be alert to strangers lurking nearby. Also when using your card as a credit card you only have to use use your zip code to complete the purchase. A much safer option.

Keep an eye on your accounts.

Black people don’t play when it comes to our money. So check your accounts regularly; like every 24 hours. The quicker you spot a fraudulent charge the easier it is to deal with. That means bank accounts and credit card charges.

Now you know.

For additional information on skimmers please visit;

The Verge: The tiny devices that steal credit card data are getting impossibly hard to detect.

Krebs On Security: The Rise of Thin, Mini and Insert Skimmers

Krebs On Security: All about Skimmers

 

 

Cyber Security; Its Your Right To Ask Questions

canstockphoto8662069As an African-American consumer you should not shy away from asking the tough questions when it comes to cyber security. You’re banking online, shopping online, even ordering dinner online. All these things require you to expose your bank account or credit card online. You need to know who is protecting you and how. For example; Microsoft stopped supporting Windows XP about a month ago. They no longer offer security updates or other technical support for that operating system. Did you know that 95% of all  ATMs  use Windows XP? That’s right your ATM machine is using outdated software and not many banks have switched to another software. You are vulnerable. Some banks have cut a deal with Microsoft to get extended support but that’s just temporary.

Now my question is has your bank notified you?  Probably not. Why? Because replacing the operating systems on ATMs is a major project that is extremely expensive. In the United States alone there are 210,500 bank affiliated ATMs. Roughly 200,000  run Windows XP according to the London based Retail Banking Research.  According to the National ATM Council there are over 400,000 ATM machines in the U.S. and about  half are owned by Independent ATM Deployers or IADs. That means there are probably a helluva lot more ATMs running the outdated XP operating system. The problem is that banks and IADs must upgrade the software one ATM at a time. And many of them require that the  entire computer inside be replaced.  Add in the cost of the labor and the price could add up to between $1,000 to $3,500 per ATM. Banks are not eager to pay out that much money so they keep quiet. But it’s your right to ask, no demand, answers. Don’t shy away from this because if you happen to get ripped off the bank is not going to replace your money easily.So ask them, what are they doing about the Windows XP issue?

If you have been reading my blog I wrote about the Heartbleed bug.  Federal Regulators warned banks to patch the bug in their servers. Has you bank done so? Have you asked?

You have the right to protect yourself. Those you do business with have an obligation to inform customers how they are going to protect your financial information and your money. That is, if they want to keep you as a customer. So ask questions.

I also suggest you do the occasional web search for information about your bank, credit card company or any merchant you do business with. There is a lot of information about companies especially from consumers. Try Angie’s List or Yelp.com. You can search social media like Facebook. Try www.companynamesucks.com. Believe it or not it usually works and you will see what dissatisfied consumers are saying.

What to ask is probably your first question. Here are a few questions you need to ask your bank, credit card company or online merchant;

1. Does my bank have a plan to update their ATM operating systems? When?

2. Has my bank patched the Heartbleed vulnerability?

3. What level of encryption does my bank use online? The answer should be 128 bit encryption.

4. If there is a security breach when will my bank/credit card company/online merchant inform me? What is the policy?

5. Ask your credit card company when (not if) they will adopt the PIN and chip cards? Any later than October 2015 is the wrong answer.

These are just a few simple questions to ask. The answers should be in writing. Many banks will mail you pamphlets or a letter stating their policies. They may also direct you to their customer service department or website. That’s fine but whatever they tell you make sure you can find it in writing. If you can’t find it then demand it in writing. This is the best way to protect yourself. If something should happen you know exactly what to do and you know what your bank/credit card company/merchant is supposed to be doing.  Don’t take a chance with this. Make sure you know your rights as a cyber consumer. Remember 40 million people had their information stolen in the Target data breach. And I’ll bet that not many knew what to do or what Target was doing. Don’t let that happen to you.