Tag Archives: card not present fraud

Breach Brief – Chili’s

Popular restaurant chain Chili’s has issued a statement reporting a data breach of its payments system. According to the statement Chili’s became aware of the breach on May 11th of this year and admitted that some customer’s payment information was compromised. The data breach is believed to impact patrons who ate at the chain between March and April of 2018.  Chili’s is owned by Dallas-based Brinker International, Inc.

The breach is believed to have been carried out by malware inserted into payment systems that gathered payment information including credit and debit card numbers as well as cardholder names. The company has not specified which of its 1,600 locations were affected by the data breach or how many customers are impacted.

Officials of the restaurant chain have contacted both law enforcement and third-party forensic experts as part of the investigation. Chili’s reports it’s trying to provide fraud resolution and credit monitoring services for affected customers and it will share more information as it becomes available. The company will notify customers affected by the breach and plan to offer free identity theft protection services through ID Expert’s MyIDCare. The company is advising customers to be vigilant for possible fraudulent charges on their credit or debit cards and for indications  of identity theft.

Brinker International also owns Italian eatery Maggiano’s which is unaffected by the breach.

National Cyber Security Awareness Month – Beware of Skimmers!

Lets face it; technology is everywhere in our daily lives. So much so that we have gotten to the point where we use it without a thought. Hackers and thieves depend on a certain level of laziness to victimize people using card skimmers.

Everyday millions of Africans-Americans pull out their debit or credit card and swipe it. We swipe it for gas, food, clothes, medicine, every conceivable purchase. But are we aware of how vulnerable your money, and even your financial life, is when you swipe your card?

One of the most prolific, and easiest,  cyber crimes is the use of skimmers. A skimmer is a small device that is almost invisible to the naked eye. It is placed inside credit card readers. When you swipe your card through the reader the device records the information on your credit/debit card and transmits it to criminals. These skimmers can be found anywhere you use a credit card. The gas station, a convenience store or even an ATM. As I said already, spotting these little devices is very difficult. Sometimes the thieves will mount a skimmer over a card scanner. Sometimes they can gain access to the machine and mount the device inside. These cyber criminals are so good that they can even build skimmers with key pads that record your PIN and you would never know you were using it.

Newer credit and debit cards have what’s known as the EMV or chip and PIN cards. These are much more secure because they transmit transaction data encrypted. But those are not 100% secure either.

After they get your information they may decide to empty your bank account or max out your credit card on a  shopping spree. Its calledcard not present fraud.”

So how do you detect a card skimmer?

If you investigate the device you can sometimes spot a skimmer. Here are a few tips.

  1. Look for tampering. Check the device for any sign that it has been tampered with. Check top, bottom and both sides of an ATM. Check the card reader and the keyboard.
  2. Does it look right? Do you recognize it? If it is your bank ATM does it look different, such as a different color or material, graphics that aren’t quite correct or anything else that doesn’t look right. Be alert and paranoid about any machine. 
  3. If you’re at the bank and there is more than one ATM compare them. Look for obvious differences between the two? They should be identical.  If not alert the bank and police immediately.
  4. Check that  keyboard. Is it too thick? Is it loose or just does not look like it fits right? There may be a PIN-snatching overlay. Don’t use it.

    Fake ATM keypad

    5. Push, pull, jiggle everything. ATM’s are pretty sturdy so it should feel solid. Card skimmers and fake key pads are installed quickly and if you pull on one it may come off in your hand.

6. Another good practice is to hide your hand when entering your PIN. Some hackers use tiny cameras mounted above the ATM to record your PIN. Use one hand to cover the other when entering your PIN.

A card skimmer can be anywhere. You need to be alert and look for any signs that something is wrong. Be aware of gas pumps that might have been tampered with. This is a favorite hacker target. Why? Because they have a high volume of traffic and are not closely monitored. A good crook can install a card skimmer in seconds and come back for it in a few minutes having collected data from several cards. He may do this at several gas stations in a single day.

But the criminal may not come back for the skimmer at all. In the past skimmers had memory chips that required criminals to come back and retrieve the device. No more. The newest skimmers can transmit the information via Bluetooth or text message to the criminals computer. They can install the skimmer and record for hours. And you don’t have to build these devices. You can easily buy these devices on the web where they are sold openly.

But you can fight back. Your smartphone can detect these Bluetooth skimmers. When you arrive at a gas pump or any location using a self-serve card machine whip out your smartphone and  go to settings. Turn on the Bluetooth and have it search for sources. If a you see a string of suspicious numbers come up do not swipe your card in that pump or ATM. Report it to the police and store management immediately.

There are also apps that can detect skimmers. Skimmer Scanner is currently available for Android phones and it can detect the presence of a skimmer on a card swipe machine. The Skimmer Scanner app checks for nearby Bluetooth transmissions and alerts you when one is detected.

Now you know.

Online Holiday Shopping 2016 – Security Basics

canstockphoto31830688Twice a year scammers crawl from underneath rocks and other nasty places to celebrate special holidays. First, tax season, then the holiday season. African-Americans using the Internet for holiday shopping need to be on guard against cyber crime.  Being aware of the scams and hazards can make a big difference in your holiday celebrations. 

The African-American Cyber Report is offering black people another season of valuable safety information to protect your holiday season so lets get started.

 

Card Skimming

Card skimmer courtesy of BBB.org

Card skimmer courtesy of BBB.org

Card skimming is actually pretty simple. Your credit or debit card information is copied when you swipe your card at a retailer or ATM. Cyber thieves install almost invisible devices or special software on retail card readers. This allows them to duplicate your card and steal your PIN. Its as simple as that. So how do you protect yourself?

First of all if something does not look or feel right stay way. For example is the face of the card reader loose or does it look kind of sloppy? Exposed glue or loose fitting parts? Do the buttons require more effort than normal to press? Does your card have to be swiped several times to work properly. Here’s a trick; pull or tug at the face of the reader. It may come off in your hand. Do the same at ATM’s. Check those buttons. Try to move them or lift the key pad. Check the card insert. Pull on that. Check to see if there is something in the slot or protruding from it. You have got to be alert! If you find any of these things notify the retailer and your bank if you have used it.

If possible use your credit card and not your debit card. It is extremely hard to get your money back from a bank debit card. But a credit card transaction can be cancelled and you will normally not be charged. Skimmers can be found anywhere even at Walmart.

RFID Card Protection

paypassThis is less likely but does happen. Your credit and debit card are sometimes equipped with a feature allowing you to charge things with a quick tap of the card on the pay terminal. You may have one of the cards with brands like PayPassExpressPay, or PayWave.

These cards have RFID (radio frequency identification) chips. With the right equipment criminals can scan your card and steal your card’s data. Protect your card by using a RFID blocking sleeve, or an RFID wallet available online at retailers like Amazon.

But as we said before this is not likely. An RFID reader has poor range so the scammer would have to be standing awfully close to read your card. Keep that in mind when you are fighting that crowd on Black Friday. 

 

EMV or Chip Cards Safety

chipcardYou should by now have the credit card with the EMV chip embedded in it. If not contact your bank or card provider and ask for it. That chip is used to encrypt the transaction data when you charge something. 

The objective of card chip was to reduce card fraud. This technology is not perfect. Some retailers have failed to switch to EMV even though the deadline passed in 2015.  Why? Retailers and customers complain that the process is too slow. Chip cards have reduced point-of-sale fraud. But the crooks have worked around it. The latest hazard is fraudulent “card-not-present” transactions online. Criminals can obtain the credit card number, security code, expiration date from criminal websites that sell this information. Personal information like your dog’s name or your mother’s birthday can be found on Facebook. They use this information to hijack your online accounts. That’s what happens when you put too much of your business online.

 

Tech Support Scams


tech-support-scam-popupNew tablets, laptops, smartphones and big screen televisions are big sellers on Black Friday. Tech support scams are common all year round but the efforts by scammers increases during the holidays. 

These scammers are intent on getting you to pay for support or software you don’t need or simply doesn’t exist. This includes extended warranties. They email you with a sales pitch or issue warnings from what appears to be a Microsoft representative. Be aware! Anti-virus companies do not call you to let you know you have a computer virus. Don’t ever agree to let anyone access your computer from a remote location. Don’t download any software online that you are not sure of. If you don’t have the expertise to know then consult a professional.

Computers often come with a ton of useless software or games. This is known as bloatware or crapware. Be careful! These programs can cost you money. They often entice children and adults to buy things without them even realizing it.

 

Phony Bank Calls

During the holiday season you are using your bank and debit cards more often. Beware if someone claiming to be your bank or credit card company calls you. Remember when it comes to your money you should be asking the questions.

Scammers will call victims claiming to be investigating card fraud or suspicious activity. They will ask questions that reveal your personal information like your credit card number or PIN. Don’t answer these questions. Hang up and call your bank from a number you know. Or stop by in person. These scammers are professionals at alarming you and getting you to reveal information used to rip you off.  When it comes to your money only deal with people you know and trust. Never, ever reveal any personal information to a voice over the phone.

 

Email and Phishing Scams

Image courtesy of David Castillo Dominici, freedigitalphotos.net

Image courtesy of David Castillo Dominici, freedigitalphotos.net

Be careful where you click! Be extremely cautious about clicking on or downloading coupons in your email. It may be ransomware. This is a malicious software program that locks up your computer until you pay to get it released. It happens a lot and is one of the hottest computer scams going on right now.

Clicking on the wrong email may release malware on to your computer that steals information, monitors your activity and changes your settings. It may even secretly take control of your computer and email itself to all your contacts. Understand that scammers can duplicate an email from Macy’s, Walmart and any other major retailer. Check the return email address to make sure you know who its from. Check the retailers website for information regarding sales, coupons and possible scams. 

Be careful about holiday contests. When you fill out a contest form you maybe giving out personal information. Same for holiday coupons that ask for your name, email address and other personal information.

This holiday season; Be Alert! Be Aware!

 

 

 

EMV is Coming! EMV is Coming!

chipcardOctober is EMV card month. And what is EMV? Currently there are 1.96 billion credit cards in circulation and they are about to change. Black people all over America are walking around with a credit or debit card in their purse or wallet. So we need to know and understand what EMV is and how it will change the landscape of credit card use starting in October. So lets get started.

First of all next month the way you use your credit or debit card will change. The first thing that will change is the card itself. America is the last major market on earth to switch to the chip embedded card. Why? The short answer is laziness, stupidity or ignorance by all involved. If you have not already received your chip embedded card now is the time to call your bank or card provider and ask when you should expect it.

The new card is called the EMV which stands for  Europay MasterCard VISA after the people who invented it. The first noticeable difference in the new card will be the chip, which is the small silver or gold chip embedded in the front of the card. Because of this chip the card should be more secure than the current magnetic stripe card you may still be carrying. Magnetic stripe cards save static payment data that can be copied, stolen or skimmed from one card and put onto another. This duplicate card data is then used to make all kinds of fraudulent purchases. Magnetic strip cards are simply outdated and notoriously insecure. The EMV technology adds a layer of security to the payment process.

EMV card readerf

EMV Card Reader

The EMV card works a little differently. The chip you see on your card has encrypted data. EMV card readers can read that data. Each purchase made with an EMV card creates a individual code unique to that particular purchase. If a hacker got a hold of that code he would not able to use it. You should be seeing the card readers in stores already. Once you slide your card into the reader, no more swiping, powerful cryptographic functions validate the authenticity of the card and cardholder. Bottom line is the encryption makes it extremely difficult to create a duplicate or fake card. But keep in mind that the magnetic strip is not likely to disappear from cards. Many small merchants will continue to use the old style card reader.

When you pay using the EMV card reader your card is instantly identified as being authentic by a process called dynamic authentication. When used with a PIN, the chip proves that the customer is paying with his or her own card.

Another change coming in October is the liability shift. A liability shift means that the responsibility for credit card fraud shifts slightly from just the card issuer to a shared liability of both the issuer or merchant that doesn’t use EMV technology. This change provides both parties with an incentive to adopt the technology. However it is not required that either party switch to the new technology. Why? Lets keep this as simple as possible; some issuers and merchants may still feel it is cheaper to take a loss on card fraud than to invest in the new technology. Is that simple enough for you?

NerdWallet’s Sean McQuay, a credit card expert and former VISA strategy analyst says, “EMV is a powerful tool, but it’s only effective if both consumers and merchants are ready to use it for transactions. Consumers need chip cards and merchants need chip readers. If only one side has upgraded to EMV for a specific transaction, then the upgrade was a waste.”

But will EMV solve all of our card security concerns? Probably not. This new technology is great but not perfect.

For example; in person transactions would definitely be more secure. Not so with thecard not presenttype of transaction such as purchases by phone or online. Using your card at the gas pump will continue to be dangerous since gas pumps aren’t required to implement the new technology until 2017. So this type of fraud is expected to increase.

So learn to protect yourself. Hackers are going to be going after those store that don’t use the new EMV card and card readers. That’s the first place you are vulnerable. Avoid those stores whenever possible by keeping a little extra cash in your pocket. And demand the new card from your bank or issuer. If they have decided not to go with the new technology then you may want to got with an institution that does.When shopping online avoid unfamiliar or unsecure websites. When you see “https” at the beginning of the payment page’s URL that means it is a secure payment site. Avoid it if you only see “http.” Change your user name and password regularly if you store your card information with any online retailers. Avoid sending credit card information via email or social media. 

Finally, criminals work hard too steal your money. The technology arms war n isever ending and hackers have already developed methods for hacking the EMV cards. Read on!

Here is more of what you need to know about the new EMV card technology.

Federal Reserve say Chip and Signature Not Enough.

Bad Guys Already Compromising Chip and PIN Cards

Now you know.