Tag Archives: credit card fraud

Breach Brief – Wendy’s

Wendy's_logo_2012.svgIt seems that the Wendy’s data breach was worse than thought. The AACR first reported the data breach in January.  Now we are seeing the real damage. Wendy’s has admitted that the data breach was first suspected of affecting only a few hundred of its restaurants. Now the truth comes out and the number is over 1,000.

Wendy’s has released a searchable list of all the restaurants affected by the breach.

Originally Wendy’s believed that only 300 of its 5,700 franchises were breached. Wendy’s notified its customers and the public in February of the breach when it discovered evidence of malware in its POS systems.

Wendy’s has issued the following statement regarding the expanding breach.

“Based on the facts known to Wendy’s at this time, the additional malware targeted the following payment card data: cardholder name, credit or debit card number, expiration date, cardholder verification value, and service code. Please note that the cardholder verification value that may have been put at risk is not the three or four-digit value that is printed on the back or front of cards, which is sometimes used in online transactions.”

After detecting the presence of the malware Wendy’s claimed to have disabled it. Wendy’s believes that the malware attack first took place in the fall of 2015. Wendy’s also believes that it detected evidence of at least two separate malware attacks on its systems.

Customers of the fast food chain affected by the breach will receive are a year’s worth of “identity consultation” from Kroll Identity Theft Restoration if necessary. According Wendy’s “an experienced licensed investigator will work on your behalf to resolve related issues.

 

Safer Online Shopping with Burner Credit Cards

visa-full-colour-reverseAfrican-Americans hold almost a trillion dollars in buying power.  Much of that money is spent online. Black people do more online shopping than any other group and as a result we are more vulnerable to retail tracking and credit card fraud.  

Privacy and security is hard to come by in the digital age. Seems like everything is stored in somebody’s database and tracked; and these are the good guys.  The bad guys are hacking something everyday. Your credit card information is always vulnerable to theft. If it is stolen you get stuck with the hassle of calling your bank for a new one, or waiting to see if yours is misused. 

A new service known as Privacy.com lets you create virtual, disposable credit card numbers or burner cards, that deactivate instantly if stolen. Privacy.com actually creates a disposable card number that protects your security and privacy when you shop online. Privacy.com is a VISA card that can be used at any online store or anywhere VISA debit cards or gift cards are accepted. The cards are locked to a single merchant and you can make it a single-use or set transaction or monthly spending limits on them. The Privacy.com burner card does not require a credit check because it is not a credit card but works like a debit card. Spending limits are set at $1,000 a day and $2,000 a month.

Money on the card come directly from your selected account but the merchant does not see your account number or the credit cad number. The transaction process is completely anonymous.

People choosing to use the Privacy.com cards need to have an account at one of the following financial institutions;

According to the Privacy.com website the number of banks is growing. If you don’t see your bank on this list send them an email at  hello@privacy.com.

The Privacy.com service is only supported on  Google Chrome and Mozilla FireFox and the app is available in the iOS App store. The company is working on getting other browsers on board with the service. 

Now you know.

 

 

 

Secure Payments Arrive For Black Consumers

credit-card-safeHackers have been having a absolute field day breaking into store payment systems and stealing credit card data with impunity. The problem is intolerable for the consumer and costing everyone money everyday. Kaspersky Labs reported that over $1 billon dollars has been stolen from banks using sophisticated malware. Not to mention the additional billions lost in fraudulent credit card purchases and ATM fraud.  Last year that number topped $5 billion. In the end its always the consumer, that’s you and me, that pays for this fraud.

Securing the payment systems of American consumers has become the single most pressing cyber security problem for banks, pay services and merchants. Americans fear cyber crime and identity theft more than being murdered.

Thankfully credit card and technology companies are devising new more technologically advanced ways to combat data breaches and credit and debit card fraud. This is vitally important to African-Americans who are frequent Internet shoppers. And the last thing we tolerate is something funny happening with our money. As I have said many times before, black people don’t play when it comes to our money.

Black consumers, like all American consumers, should learn and quickly adopt the new ways that payments are being secured not only online but in brick mortar stores. Advances in technology allow payments to be made directly from a smartphone, new PIN and Chip technology prevents duplication of credit and debit cards and some systems are implementing single use tokens. The age of secure payments has arrived.

 

US-WhiteHouse-LogoThe White House Summit on Cybersecurity and Consumer Protection

This event, held at Stanford University, saw multiple companies and trade organizations announce new initiatives aimed at securing Internet transactions and reducing fraud.

A White House fact sheet revealed the efforts of the major players in the payment industry. Visa, for example, is committing to tokenization or substituting credit card numbers with randomly generated tokens for each transaction. They plan to initiate this system by the end of March.

The other payment giant, MasterCard, is investing more than $20 million in new cybersecurity tools that include the deployment of Safety Net, a new security solution that will reduce the risk of large-scale cyber-attacks.

SafetyNet is designed to add an extra layer of security by working with a bank or processor’s own security systems and detecting attacks before they happen.

Intel is releasing a new authentication technology that eliminates the password. The technology employs biometrics or personal physical measurements such as fingerprints or retinal patterns. American Express also announced a new multifactor authentication technology for consumers. MasterCard and First Tech Credit Union revealed a new pilot program that would allow consumers to authenticate and verify their transactions using a combination of biometrics, such as facial and voice recognition.

The president launched the BuySecure initiative in October of 2014. The initiative priorities include;

  • Securing payments across the economy, by advancing federal efforts to transition to more secure payment systems, building public-private awareness about more secure authentication, and calling on industry to enhance the security of their own systems and offer more secure options for their customers.
  • Helping Americans secure their good name, by improving resources to identify and remediate identity theft. This includes supporting credit score transparency and improving identity theft resources available to American consumers.
  • Enhanced information sharing, by enhancing the ability of federal agencies and industry to regularly exchange information about consumers’ compromised accounts.

what-kind-of-cr-1

Apple Pay

The AACR wrote back in September of Apple’s debut of the new Apple Pay technology. While everyone was raving about the new iPhone 6 Apple murdered the credit card.

Apple Pay replaces your credit card and the traditional swipe at the register. Apple Pay has made the act of purchasing easier by allowing you to just wave your phone in front of a reader in order to make a payment.  Apple claims the system is more secure than regular credit cards since the number is never stored on the phone or Apple servers and no one ever sees it. The credit card number is replaced by a “unique device number.”

Your credit cards will be stored in Passbook. You can add cards to your phone by taking a picture of the card or typing in the necessary  information like the credit card number, expiration date, and security code. It works with pretty much all credit cards and banks. According to Apple over 220,000 merchants are currently accepting Apple Pay.

MasterCard

MasterCard announced in October 2014 that it was partnering with Zwipe to develop a payment card with a built-in fingerprint authentication sensor.

The card allows customers to make contactless payments, using their fingerprint to confirm their identity. This eliminates the need for PINs and passwords thus increasing security.

VISA

A recent study from Visa Europe indicates that the new generation of banking customers would rather use biometric security devices than PINs and passwords for authentication.

Visa found that 75% of 16- to 24-year-olds said they would have no problem using biometric security, with 69% expecting it to be faster and easier than a password or PIN.

Visa also launched the Visa Token Service (VTS) in September 2014. The one time use token replaces the 16-digit account numbers, expiration dates and security codes, with so-called tokens. The tokens are a unique series of numbers that can be used to make payments without exposing the sensitive credit data such as the numbers, security code and expiration date.

Over 500 financial institutions have already implemented VTS according to Visa. The service will be expanded this year to additional payment environments. Visa also says tech companies and device manufacturers will deploy VTS on mobile devices. Merchants will also start using the solution to secure transactions made through mobile payment applications. Online merchants are also expected to deploy the tokenization service.

American Express

Tokenization has also been embraced by American Express, and the retail industry is seeking to develop a universal tokenization standard.

Amex will replace traditional 16-digit credit card numbers with a digital token. Consumers using the card supporting the token can make purchases online, with a mobile application, or in person using Near Field Communication (NFC) devices similar to Apple Pay technology.

The movement to more secure payments methods comes as retailers see the October 2015 deadline to support chip-and-pin credit payments getting closer. Merchants are being crushed under repeated data breaches costing ten of millions of dollars in repairs and legal costs.

Breaking It Down

Alright so what took so long? If you read this article you saw that the credit card companies have until October of this year to move to the new PIN and Chip cards. They had no choice. This situation is bad for everybody. Everybody is losing money and everybody is getting sick of it and everybody sees that no end was possible as long as the hackers had the upper hand. These payment companies, merchants and banks were locked in a cycle of one data breach after another and each more expensive than the last. The government was going to force a change this so they decided to get ahead of the wave. They had no choice. They could look out from their lofty corporate towers and see the angry flames of consumer torches gathering in the street below. It was not going to be pretty and they knew it. So now after losing hundreds of millions of dollars and looking stupid compared to the hackers, they have decided to act. They had no choice. They want you to believe that they did this on their own. But this could have been done at least two years ago. Europe has had the PIN and Chip technology for at least five years. These companies decided that since no one was making them do it why do it. But then the bleeding started. Hackers were draining the life out of these corporate clowns and their bottomline. The math was starting to swing against them and the government was getting involved. That is the only reason they decided to act. They had no choice.

 

 

 

Shopping Online? Think Credibility and Security

canstockphoto18667912Buying online. Its called e-commerce. African-Americans have gone from Black Friday sales to Cyber Mondays online. Online shopping is perfectly natural. You probably never even think about it, you just do it. Even with all the hacking and and identity theft going on millions of black people, like myself, will go online to find the best price on the product we need or want.

But before you shop you need to trust the website you’re dealing with. Website credibility means money for the merchant. But no credibility means you could get taken. Happens everyday. So I’m gonna say it again even though I’ve said it a thousands times already; Black people don’t play when it comes to our money.

Before I get into e-commerce credibility I want to talk about our credibility. African-Americans are a powerful consumer segment. According to research done by the Neilsen Company. Black buying power will reach $1.1 trillion by 2015. Yes, I said TRILLON! And that number will only grow. Neilsen says our buying power will reach $1.3 trillion by 2017. Clearly we are growing and gaining power as consumers.

Neilsen Study: African-Americans Are More Relevant Than Ever

But if you want to see a black person mad have them buy something and not get what they paid for! That’s why e-commerce credibility is so important when black people shop online. A funny thing about the African-American online shopper; we will do more research than other groups before we purchase. According to TheMinorityeye.com website 45% of black shoppers utilize the Internet early in their purchase process before we decide on a product or service. It takes black people longer to make a purchase. It means we are careful with our money. Do you need me to say it again?

Now we can talk about e-commerce credibility. Black people know the big names like Amazon, eBay, Macy’s, Walmart. But when you shop you will sometimes find a unique item or a special price for something. But is that website trustworthy? That’s the big question here. Here are ten steps you can take to protect yourself when shopping online

1) Know who you are dealing with –  The birth of the Internet and e-commerce resulted in a truly global market place. There is no where in the world you can’t shop. So your retailer may be in another country. Consider these things, is the name recognizable like Amazon.com or Walmart.com? These companies have solid reputations.  But sometimes you have to establish the identity of the smaller less known online retailers. So make sure to investigate the name and company registration details here in the U.S. Make sure you have a way to contact the company. Look for an an e-mail, postal address and telephone number and know definitely where the company’s headquarters is based. If you can’t find this information something is wrong. And test the companies response by sending them an email asking questions about their products or services. Did they respond quickly? Was the response acceptable and professional? And here is something else to look for, how is their English? Is it acceptable or poorly written with spelling and grammar errors. That’s a tip off that you need to investigate further. And finally check their online reputation by using the Better Business Bureau website. You can also visit websites like Scamadviser.com. This website allows you to enter the website address and get a fast review of the sites credibility.

2) Check their reputation –An online retailer may have a legitimate business but that doesn’t mean he has satisfied customers. Lets be real, some places will tell you all sales are final. And customer satisfaction is not a priority. So make sure you investigate the companies reputation thoroughly. Again the BBB is a good place to start. What is their return policy? Check online for customer feedback and issues. Are they rated highly by customers?

3) Understand billing, guarantees and delivery before you buy anything –  Be wary of hidden costs and payment details before sending credit card details. Keep an eye out for and calculate these costs into your purchase.

  • Packaging costs
  • Delivery costs
  • Know if you will be billed before or after the product or service is delivered.
  • Can you track the item from purchase to delivery to your door? This is crucial for more expensive items. The ability to electronically track your purchase adds to the companies reputation and credibility.
  • Does the product come with a guarantee against defects, functioning, appearance and quality?
  • What is the return policy? Throughly read the information on the site about cancellations, returns and refunds. Print a copy.
  • Who pays if the item is returned? Postage, fees etc.
  • If there is a cooling off  or grace period for expensive items. Some retailers will actually give you a ‘regret’ period, usually 48 hours, where you can cancel or return a really expensive purchase.

 4) Thoroughly review the site’s privacy and security policy. Reputable retailers are open about their data collection. Somewhere on the website they will outline exactly what data they collect from you and what they do with it. Many will display a web-seal of  approval or trust mark such as Trust-e that sets standards for the treatment of your information. Research this privacy policy to understand how the company will use your information after your purchase. Some companies will use your information to email you with updates, to inquire about your level of satisfaction, or offer you other products or deals. Some retailers also sell your information to third parties. That’s where your email spam comes from.  Ultimately you must decide what much information you are prepared to give. But the problem with that is that you do not always get that information upfront. Or you may have no choice in the matter. Except to shop elsewhere and that is definitely a powerful message. If you really want to make an impact simply email the company and tell the you didn’t buy from them because of their privacy policy.

5) Use only secure websites – Ok, your investigation is complete and you’re satisfied that the company you are purchasing from is legit. Now for the transaction.  You need to make double sure that your credit card data is processed using a secure connection. Commonly known as Secured Sockets Layer (SSL) this is the most commonly used form of encryption used online.  Your credit card data is encrypted by SSL and broken into small pieces so it cannot be read by a cyber criminal. To ensure that you are using SSL technology you need to check your browser for the following:

  • Your browser may be set to alert you that you are entering a secure area. Unless you are required to log in before shopping the secure area is the first page where you enter your personal information.
  • Look for the ‘https:’ on your browser URL address window. 

google-ssl-1319029457

That final “s” is telling you that the site is secure. But unless you were required to sign in from the beginning you won’t see the “s” until you are ready to complete your transaction. 

https-padlock-icon

  • Look for the little green padlock in the URL window. It should be locked or closed. If it is open then assume the site is not secure and don’t enter any data no matter how bad your want the product. Transmitting data over an un-secure connection is asking for trouble. Its called “being out in the open.”
  • Another symbol to look out for is the unbroken key. It also indicates a secure website. 

6) Attention to detail – Be sure to enter the correct information when submitting your order. An incorrect address, number of items or the wrong item code can cause some serious headaches. And that is not the way you want to test their customer service!  And make sure their math is correct. Check for hidden fees like re-stocking if you return the item. Look for convenience fees, unusual shipping fees and other sneaky charges some retailers attach to your purchase.  Double check this information before you click ‘buy’.  After you have completed the purchase start keeping records. Record your purchase details to include a receipt of the final price, email and credit card confirmations shipping details dates and times. If you can’t print them then do a screenshot of the information and save it or print that out. Remember, a paper trail is powerful tool. 

7) Use a credit card with online fraud protection. When all else fails its nice to know your credit card has a policy that protects your from online fraud. You can find the best credit cards for fighting fraud here. Make sure you read that policy and stick to it. It can save you from losing a lot of money. Many credit card companies offer protection against fraudulent purchases and includes coverage that includes online purchases. Check with your bank or credit card provider to see what protection you have. It may be time to switch to a safer card.

8) Use a good Phishing Filter –There are various phishing filters and some good ones are actually free. For Windows users there is Microsoft SmartScreen Filter for Internet Explorer. This software will alert you when it detects a suspicious website.

9) Be alert to email scams – Email scams are designed to gather personal information such as passwords and credit card details. These are known as phishing emails. And remember there is no software that can protect your from or detect a scam. Scammers send out millions of emails day after day hoping to snag unsuspecting or gullible victims. When they find one they immediately go after their confidential information often. These emails may mimic known retailers and look quite convincing. But keep in mind that legitimate companies, including all banks, never, ever send you an email requesting  login, password, or credit card details.  Don’t ever click on that link! Delete it and report it to your bank. If you have any doubts,  go to the website on your own by typing in the web address of the company. Again; do not click on that link. It may be malware or some other virus.

Being black and online requires you to be alert and knowledgeable. Don’t be somebody’s sucker when you shop online. Learn what you need to know to protect yourself because AACR rule #1 is; The only laws on the Internet are the ones you impose and enforce.

Now you know.

Video: Avoid Credit Card Fraud

Life is good. You have great dinner and whip out that credit card to pay for it. That sexy watch at the mall; break out that card. And of course drinks with the boys. All these purchases require you to surrender your card to a stranger for just a few minutes and in that few minutes you may get ripped off.

Credit card fraud is a fast growing crime that is very profitable. American credit cards are easy to duplicate because they only have a magnetic strip. Unlike European cards that have a chip embedded in them. Thats coming to the U.S soon but until then focus on protecting yourself.  Welivesecurity.com provides this excellent video to educate you on how to avoid credit card fraud.

Protect Yourself from Data Breaches

Data breaches are becoming far too common. And there is no single law that requires a company to tell their customers when, or if, such a data breach has occurred. As a result companies often pick and choose what laws to obey and which to ignore. Stores, banks and other services where you use your credit card often practice protecting themselves first before they consider your interests. In addition many of these companies are also deciding to pay off a claim of fraud rather than fix security issues in their systems. Its simply cheaper to pay you than invest money in more secure systems. Its the sad state of e-commerce security.

As a result black people and all consumers need to protect themselves when shopping online or in the brick and mortar stores.

Here are a few steps I’d advise the African-American consumers to take to protect your financial information and assets.

1) Monitor your bank accounts, daily!  There is no easier way to spot fraudulent charges than to pay careful attention to you bank account and your credit and debit card statement. My recommendation is that you check you accounts each evening. Its funny but a lot of people are watching television with their tablets or laptops. Use a few minutes to check those accounts. And change passwords, correction, pass phrases, frequently, like every six months. See something fishy?  Call your bank or card provider immediately.

2) Use a credit card, not a debit card.Why? Because government regulations protect you from fraudulent charges over $50 and most liability.  Use your credit card or a debit card with a signature, not a pin number. The regulations are not so clear when using a debit card with a pin and as a result you may end up on the hook for fraudulent charges.

“The best tip to avoid problems on your existing accounts is not to use debit cards, because not only is the credit card law better, but your own money is not at risk with a credit card,” says Ed Mierzwinski, consumer program director at the U.S. Public Interest Research Group.

3. Make use of free credit monitoring.  Whenever a data breach happens, and the word gets out, then a lot of financial institutions will offer credit monitoring to those customers affected. Its really not much but its something.  And you don’t have to pay anyone for your credit report. The government offers three free credit checks a year. Black people should take full advantage of this service. Your credit report will reveal if any loans or new credit cards have  your name on them. If you see something act immediately. It likely means your identity has been compromised. Get you free credit report herehttps://www.annualcreditreport.com/index.action

4) Make use of your banks security services. Many banks offer email alerts when a charge shows up on your account, especially major purchases. These can help protect you from identity theft. Some credit monitoring service will alert you when someone applies for credit in your name as well.  Be careful about online money transfers and online bill paying. Use a check and drop it in the mail.  Paper is indeed much more secure. And don’t use the same password for your bank that you use on Facebook or other websites.  Social media and other non-financial websites are easier to hack.

5) Don’t depend on the banks or credit companies to protect you. You are an after thought after they protect themselves.  Vendini is an online ticket seller that reported a data breach. Just this past Friday the company settled a rare class-action lawsuit about compromised data. Rare because the courts usually throw out cases where no actual damages are proven. Vendini will pay affected customers up to $3,000 for identity theft losses. But as I said, unless the customer can prove actual damages from the data loss the money may be out of reach. The lesson here is don’t expect companies to tell you if your data has been stolen. There is no law that says they have to tell, at least not right away. Its up to you to cover your own ass. 

Now you know.