Tag Archives: online banking

Breach Brief – SunTrust Bank

SunTrust Bank has reported a data breach that may have compromised the personal information of up to 1.5 million customers. According to reports the bank believes a former employee may have stolen customer information to give to a criminal third party.

SunTrust first became aware of improper access to customer records in February. An internal investigation implicated the ex-employee for the alleged theft. According to the Wall Street Journal the employee tried to print the records and share them with a “criminal third party.”

According to SunTrust the names, addresses, phone numbers and account balances of 1.5 million customers were breached. However the bank does not believe that Social Security numbers, account numbers, passwords, and driver’s license information were accessed. SunTrust also stated that there’s no indication that fraudulent activity has occurred with the affected accounts.

The bank has begun  the process of contacting customers whose info may have been compromised. SunTrust is also planing to provide free identity protection to all its customers whether they have been impacted by the breach or not. 

SunTrust customers can go to this website to see if they are affected by the breach.

The incident is under investigation and the bank continues to work closely with law enforcement and outside experts.

National Cyber Security Awareness Month – Smartphones

African-Americans have embraced mobile technology.  According to Pew Research African-Americans are more likely to use mobile technology, smartphones and tablets, to access the Internet than whites. So we should be more aware of how to secure these devices.

I don’t have to tell you that your smartphone is the most valuable and sensitive piece of technology you own. To put it simply; it contains your life. Everyone you know is inside that device. All your passwords are probably saved there along with other sensitive data such as payment information, pictures, banking information and apps, social media apps, email, calendars and schedules and sensitive text messages. Because of all this data your phone is an attractive target to hackers.

Know Where Your Phone is at All Times.

Use the technology available to you to locate you phone or tablet if it should come up missing. Apple users make sure you use theFind My iPhone/Find My iPadfeature of the device. This feature can show you on a map exactly where you device is within a few feet. If you have an Android phone then Google offers  theFind My Deviceservice that can also pinpoint the location of your phone. There are also numerous app that can be used to track your device.

If you realize that your phone is gone for good then you can erase all the data on the device using the “Find My iPhone/Find My iPad” feature and lock the device from anyone using it. The same can be done for Android devices. Lets hope this is never the case but be prepared by knowing how to use these features and backing up your data so it can be easily downloaded to your new device.

The first most important thing you need to do is to keep control of your device at all times. No doubt you have experienced the feeling of losing it if only for a few minutes. Make sure you keep track of it at all times. “Nuff said there.

Be Paranoid!

Did you know that your phone can be hacked? As a matter of fact you probably already have been. First of all, anything that can connect to the Internet can be hacked…period! What makes your phone so vulnerable is that it has the capability to connect to anyone, anywhere in the world, at any time. You need to fear this capability. Be paranoid!

Most phones are hacked by connecting to a wi-fi network. Do you know your phone settings? Is your phone set to connect to any open wi-fi network? If so then you are vulnerable to a hacker. Make sure your phone is set to “Ask” to join an open wi-fi. Think about that when you walk into a Starbucks or Panera Bread or anyplace that offers free wi-fi. Those places are hangouts for hackers. Be paranoid!

Should you have to connect to an open wi-fi avoid doing any sensitive business such as banking. This is what the hacker is waiting for. Any password or credit card information transmitted over an open wi-fi is fair game. Anyone close enough to pick up that open wi-fi signal can be a hacker. Be paranoid!

If your phone is out of date it is vulnerable. Keep your iOS and Android operating system up to date. This means your apps too. Apps and programs that have not updated are a vulnerable. Be paranoid about apps that request unusual permissions. These suspicious apps could ask for access to your camera or your email. Ask yourself why? Keep your phone updated. Do not download apps offered to you via email or text massage. Avoid third party app stores. Don’t respond to unknown text message or click on any links you are not absolutely sure of. This is a form of  social engineering where someone convinces you to do something you shouldn’t.  Be paranoid!

Don’t let strangers use your phone. There is an attack that occurs just by dialing a certain number. Here is the scenario; a stranger approaches you and claims his or her phone is broken or the battery is dead. They have a child or elderly parent waiting to hear from them and they ask to use your phone for a minute. Being the angel you are you allow them. They dial a number and then punch in a code and download malware or app that takes over your phone, monitors your activity and steal your data. Hey, it happens. Don’t be a victim. Be paranoid!

Now you know, October is National Cyber Security Awareness Month.

National Cyber Security Awareness Month

October is National Cyber Security Awareness Month (NCSAM). In recognition the African-American Cyber Report will be participating with the Department of Homeland Security to promote awareness of cyber security issues and personal safety online.

Each week the AACR will publish articles that promote cyber security at home, at work and for your children. The AACR is dedicated to bringing the message of cyber security to African-Americans who use the Internet in their daily life. We are focused on protecting you, your home and your children from cyber fraud, hacking, viruses, malware, personal data theft and other cyber threats. 

African-Americans are full participants in the technology revolution from smartphones, to mobile banking to e-commerce to social media. As such we must become more aware of what is happening in cyberspace. We need to understand the dangers and the opportunities that the Internet presents. 

As part of NCSAM the Dept. of Homeland Security is offering all Americans the Stop.Think.Connect. Toolkit. The Toolkit is a series of information pamphlets designed to educate various audiences on cyber security awareness and online safety. The targeted audiences include;

  • Students K-8, 9-12, and Undergraduate
  • Parents and Educators
  • Young Professionals
  • Older Americans
  • Government
  • Industry
  • Small Business
  • Law Enforcement

The educational material covers 22 topic areas that include social media awareness, mobile banking, and educating children about going online. 

We invite you to join us as we focus on the safety and security of all people but especially our brothers and sisters who use the greatest communication technology ever invented, the Internet.

Online Transaction Security

Trying to protect your money online is no easy task. Online transaction security is almost nonexistent with some companies. And many banks will simply pay off your fraud claim rather than secure their systems. These guys at the top of banks and transaction services feel it is not yet worth the price of providing good security.  Its cheaper to simply pay the claim than investing in better security. So when you shop online, pay bills, or do your online banking its basically up to you to protect yourself and your money. Don’t depend on or even hope that the any retail or online store is looking out for your best interest. Its a dream! Why? Because you can’t really hurt them. The courts require you to prove actual damages from a data breach before you can bring a lawsuit. So unless you can prove your identity was stolen because your bank sucks at protecting data you are basically out in the cold. That needs to change. All we can hope for is that these companies lose enough money to start suing each other and that’s exactly whats happening. We are also seeing the goverment step in as the FTC is now getting in the game and suing these companies for their poor data security.

I strongly suggest that you visit Kaspersky Labs and check our their article for some helpful tips to keep you safe when conducting transactions online. Because black people don’t play when it comes to money. Yeah, I said it again.

What is Multi-Factor Authentication?

ID-100233708

Courtesy of Danilo Rizzuti

We have seen passwords attacked and broken time and time again. Black people are like everybody else, making the same passwords mistakes. Mistakes like using the same password at multiple websites and making your password simple to remember and just as easy to guess. I mean really, some passwords are just stupid.

I preach it over and over again to black people everywhere. Stop using passwords and start using pass phrases. Long passwords with lots of number and characters. And if you do it right its easy to remember.

Well let me share the latest news with you so you can be ready when it catches up to you. The password is dead. The age of a single password sign on is rapidly coming to a close. If you read the news of the Russian hackers who stole over a billion passwords then you know it has to stop.

Enter multi-factor authentication. At AACR I pride myself on taking the techno-babble out and giving my readers simple and easy to understand information that they can make use of. Let’s talk about multi-authentication.

There three kinds or authentication. They are as follows;

  • Single factor authentication – This is something a user knows, usually a password. As I said, that is dead.
  • Two-factor authentication This is something the user has and includes a password. You are probably already using two factor authentication every time you make a purchase. You slide your card then enter a four number PIN. That is two factor authentication you use everyday.Many companies use a digital fob. You may have seen one hanging on a somebody’s key ring. The user will use their password and the numbers that appear on the fob to get access to a computer or files. Other companies and the federal government require the user to use an identity card with a chip. The user will place the card into the computer to make it work. And even more secure systems will use a biometric device such as a fingerprint reader. The RSA SecurID fob is the most commonly seen form of two factor authentication. But some of you may have a fingerprint reader on your computer, tablet or cell phone. And some computers have facial recognition software loaded on them as well.
  • Three-factor authentication –The final factor combined with the two previous factors is “something a user is.”  Examples of a third factor are all biometric profiles such as the user’s voice, hand size, a fingerprint, or the retina scan which is the most common.

But As I have said before the single password is dead. You can start using this now on many popular websites and email services. As matter of fact your bank may already offer two factor authentication. If you want to know what websites and banks offer two factor authentication then please visit Twofactorauth.org to see their list.

Other technology companies and email services also offer two factor authentication. Here are a few examples.

Google/Gmail: Google will send you a 6-digit passcode to your listed phone. The Google Play Store offers Google’s Authenticator app here for Android, iOS, and BlackBerry.

Apple: Apple also sends a 4-digit code to your phone. In addition you can enable Apple’s Find My iPhone app . This app notifies you when you, or someone else, attempts to log in from a new machine.

Facebook/Twitter: Facebook and Twitter both dispatch a 6-digit code to your phone when you attempt to log in from a new machine.

PayPal: DO you use PayPal when shopping online (and who doesn’t)? PayPal will also send you a 6-digit code to your phone. If you shop online at all then you better be using two factor authentication already.

Microsoft Accounts: Microsoft issues a  7-digit code to your phone or and alternate email address. Microsoft’s two-step authentication also protects your other accounts such as Sky Drive (Personal Documents, Photos etc.) and Outlook emails.

Two factor authentication is something I urge black people to get on board early. I sincerely believe that it is just a matter of time before most websites make it a requirement.  The incidence of thefts and hacking has become too great to ignore much longer. African-Americans who wish to keep their personal data and money safe will heed my advice. Take the time to check all your online accounts that support two-factor authentication and enable the function immediately. 

Now you know.

Protect Yourself from Data Breaches

Data breaches are becoming far too common. And there is no single law that requires a company to tell their customers when, or if, such a data breach has occurred. As a result companies often pick and choose what laws to obey and which to ignore. Stores, banks and other services where you use your credit card often practice protecting themselves first before they consider your interests. In addition many of these companies are also deciding to pay off a claim of fraud rather than fix security issues in their systems. Its simply cheaper to pay you than invest money in more secure systems. Its the sad state of e-commerce security.

As a result black people and all consumers need to protect themselves when shopping online or in the brick and mortar stores.

Here are a few steps I’d advise the African-American consumers to take to protect your financial information and assets.

1) Monitor your bank accounts, daily!  There is no easier way to spot fraudulent charges than to pay careful attention to you bank account and your credit and debit card statement. My recommendation is that you check you accounts each evening. Its funny but a lot of people are watching television with their tablets or laptops. Use a few minutes to check those accounts. And change passwords, correction, pass phrases, frequently, like every six months. See something fishy?  Call your bank or card provider immediately.

2) Use a credit card, not a debit card.Why? Because government regulations protect you from fraudulent charges over $50 and most liability.  Use your credit card or a debit card with a signature, not a pin number. The regulations are not so clear when using a debit card with a pin and as a result you may end up on the hook for fraudulent charges.

“The best tip to avoid problems on your existing accounts is not to use debit cards, because not only is the credit card law better, but your own money is not at risk with a credit card,” says Ed Mierzwinski, consumer program director at the U.S. Public Interest Research Group.

3. Make use of free credit monitoring.  Whenever a data breach happens, and the word gets out, then a lot of financial institutions will offer credit monitoring to those customers affected. Its really not much but its something.  And you don’t have to pay anyone for your credit report. The government offers three free credit checks a year. Black people should take full advantage of this service. Your credit report will reveal if any loans or new credit cards have  your name on them. If you see something act immediately. It likely means your identity has been compromised. Get you free credit report herehttps://www.annualcreditreport.com/index.action

4) Make use of your banks security services. Many banks offer email alerts when a charge shows up on your account, especially major purchases. These can help protect you from identity theft. Some credit monitoring service will alert you when someone applies for credit in your name as well.  Be careful about online money transfers and online bill paying. Use a check and drop it in the mail.  Paper is indeed much more secure. And don’t use the same password for your bank that you use on Facebook or other websites.  Social media and other non-financial websites are easier to hack.

5) Don’t depend on the banks or credit companies to protect you. You are an after thought after they protect themselves.  Vendini is an online ticket seller that reported a data breach. Just this past Friday the company settled a rare class-action lawsuit about compromised data. Rare because the courts usually throw out cases where no actual damages are proven. Vendini will pay affected customers up to $3,000 for identity theft losses. But as I said, unless the customer can prove actual damages from the data loss the money may be out of reach. The lesson here is don’t expect companies to tell you if your data has been stolen. There is no law that says they have to tell, at least not right away. Its up to you to cover your own ass. 

Now you know.

Banks Pay Up; Don’t Bother to Investigate Cybercrime

ID-100145306

Courtesy or ddpavumba

A recent study of online banks and merchants by Kaspersky Labs indicate that banks pay up but don’t bother to investigate cybrecrime. These banks would rather pay off the claim rather than secure their systems.

Even with the skyrocketing rate of information theft banks and merchants are simply compensating their customers for fraudulent charges. More than half of financial institutions, 52%, pay off their customers claim without conducting any kind of investigation whatsoever. The rate of pay off  in Western Europe is 54%.

Kaspersky Labs joined with B2B International to conduct the study. The results show almost a third of institutions believe that the price of implementing an effective security systems is more expensive than simply repaying the customer’s loss due to Internet fraud.

It seems that the concept of paying off a claim is common among organizations that manage online payments. The study showed that 28% of representatives of financial institutions and 32% of employees of online stores who responded to the study believe that the cost of  cybercrime, including the repayment of stolen money, is cheaper than implementing effective security in their payment systems.

Only 19% of banks and 7% of online merchants point to the cost of paying customer’s claims as one of the top three most serious consequences of online payment fraud.

And the situation is getting worse. Kaspersky Security Network reported that almost four million users of its products in 2013 have been affected by financial malware used to steal their money. This is an increase of 18.6% compared to 2012. In December of 2013 a group of U.S. banks reported losing more than $200 million due to the theft of customer’s personal information or their credit card data. Losses may be higher than reported due to the continued growth of cybercrime. Some experts believe that the situation will eventually get to the point where the costs of refunds these institutions pay out will exceed the budgets for customer compensation. 

Breaking It Down

This is the Ford Pinto all over again. Remember Ford thought it cheaper to pay off lawsuits resulting from car fires rather than fix the problem. Well here we go again.

It seems banks and online merchants simply don’t care. Black people don’t play with our money. (Yeah, I said it again.) But the banks seem to be playing a game with a lot of people’s money. They feel like as long as its cheaper to pay off the loss rather than fix the system they are winning.

But these banks and financial institutions fail to realize one thing. They are not alone on an island. What they do affects a lot of people all over the world.  Where is the stolen money going? It may be going to terrorist. It may be going to sleazy foreign governments. It could be used to buy weapons for private armies in some third world country.  The money may be used to buy guns and drugs that permeate the inner city killing children, black children. The bottom line is that these banks are not only complicit in the crime they ignore, they perpetuate it.

African-Americans are consumers. We use the banks, credit cards and buy billions of dollars of goods every year. We also seem to suffer disproportionately when the economy starts to drag. We were victimized way beyond the national average in the housing market collapse. So we see this situation coming to a head. And we see we will get burned worse than others when banks begin to collapse from cybercrime.

By refusing to invest in secure systems these money changers destroy the trust that all people, not just African-Americans, have in the financial system. As black people we are not trusting of these institutions to begin with. So we are looking at this situation knowing that it can’t go on forever. Somebody has to pay and too often its the economic underclass which we make up a big part of.

We are heading for a world where people simply hide their money in the mattress and use cash for everything. What then? Well we could see another depression when there is no money in the banks for lending and credit dries up. When credit dries up so does economic development and you know we are going to get the worst of it. It is a situation that must be dealt with before something really bad happens. I need not go into that…do I?

 

Cyber Security; Its Your Right To Ask Questions

canstockphoto8662069As an African-American consumer you should not shy away from asking the tough questions when it comes to cyber security. You’re banking online, shopping online, even ordering dinner online. All these things require you to expose your bank account or credit card online. You need to know who is protecting you and how. For example; Microsoft stopped supporting Windows XP about a month ago. They no longer offer security updates or other technical support for that operating system. Did you know that 95% of all  ATMs  use Windows XP? That’s right your ATM machine is using outdated software and not many banks have switched to another software. You are vulnerable. Some banks have cut a deal with Microsoft to get extended support but that’s just temporary.

Now my question is has your bank notified you?  Probably not. Why? Because replacing the operating systems on ATMs is a major project that is extremely expensive. In the United States alone there are 210,500 bank affiliated ATMs. Roughly 200,000  run Windows XP according to the London based Retail Banking Research.  According to the National ATM Council there are over 400,000 ATM machines in the U.S. and about  half are owned by Independent ATM Deployers or IADs. That means there are probably a helluva lot more ATMs running the outdated XP operating system. The problem is that banks and IADs must upgrade the software one ATM at a time. And many of them require that the  entire computer inside be replaced.  Add in the cost of the labor and the price could add up to between $1,000 to $3,500 per ATM. Banks are not eager to pay out that much money so they keep quiet. But it’s your right to ask, no demand, answers. Don’t shy away from this because if you happen to get ripped off the bank is not going to replace your money easily.So ask them, what are they doing about the Windows XP issue?

If you have been reading my blog I wrote about the Heartbleed bug.  Federal Regulators warned banks to patch the bug in their servers. Has you bank done so? Have you asked?

You have the right to protect yourself. Those you do business with have an obligation to inform customers how they are going to protect your financial information and your money. That is, if they want to keep you as a customer. So ask questions.

I also suggest you do the occasional web search for information about your bank, credit card company or any merchant you do business with. There is a lot of information about companies especially from consumers. Try Angie’s List or Yelp.com. You can search social media like Facebook. Try www.companynamesucks.com. Believe it or not it usually works and you will see what dissatisfied consumers are saying.

What to ask is probably your first question. Here are a few questions you need to ask your bank, credit card company or online merchant;

1. Does my bank have a plan to update their ATM operating systems? When?

2. Has my bank patched the Heartbleed vulnerability?

3. What level of encryption does my bank use online? The answer should be 128 bit encryption.

4. If there is a security breach when will my bank/credit card company/online merchant inform me? What is the policy?

5. Ask your credit card company when (not if) they will adopt the PIN and chip cards? Any later than October 2015 is the wrong answer.

These are just a few simple questions to ask. The answers should be in writing. Many banks will mail you pamphlets or a letter stating their policies. They may also direct you to their customer service department or website. That’s fine but whatever they tell you make sure you can find it in writing. If you can’t find it then demand it in writing. This is the best way to protect yourself. If something should happen you know exactly what to do and you know what your bank/credit card company/merchant is supposed to be doing.  Don’t take a chance with this. Make sure you know your rights as a cyber consumer. Remember 40 million people had their information stolen in the Target data breach. And I’ll bet that not many knew what to do or what Target was doing. Don’t let that happen to you.

Heartbleed; The Black Perspective, Now You Know

Black heartbleedHeartbleed, from a black perspective, is just as disastrous. If you have not heard about Heartbleed then my job is to highlight these type of events for black people and show my brothers and sisters what is happening in the cyber world. I’m not going to get technical on you here. The Heartbleed bug does not need a lot of explanation. Its really very simple to understand;  websites using a program to protect, or encrypt, your information and communications with that website is not working properly. It hasn’t been working properly for two years.  So anyone with enough technical knowledge can now see what’s on servers and computers you do business with. It’s that simple. It’s like finding you had a leaking water pipe under your house for the last two years and now you have to fix the foundation. That’s what happening on the Internet right now. Less tech, more knowledge here.

Black people do more banking online and mobile banking using wireless devices than other groups.  So when I tell you that someone might get into your bank and steal your user name and password then you better pay attention.  I’m talking about your money! And you know we don’t play when it comes to money. Is that simple enough for you?

Now how many black people use Yahoo! email? Gmail? What about Facebook? See this thing is bigger than you realize. Two thirds of the servers and computers used on the Internet have this flaw. Now you see why I’m here sounding the alarm. That’s literally millions of websites wide open for attack which means if you use these sites you are wide open too. Do you have an Android phone like a Samsung or HTC? You’re vulnerable too.

Call it nosy but since I’m black I have some questions that I want answered. For example, I bank online and I use Yahoo! and Gmail email. And I shop online as well. But not one place where I shop or use my credit cards has sent me a single email saying what they are doing to fix the situation. You would think there would be some effort to comfort customers and re-assure them that everything is being done to secure their information. Nothing!

Everywhere I go on the Internet and everything I read about the Heartbleed bug tells me to change user names and passwords. But my question is why? How do I know if my bank or the place I buy shoes online has fixed their problems? I have read that is the situation in some cases. People are changing their passwords and the site is still broken. No one, not a single website has said anything. No notifications have come my way! I would think this is basic customer service. They should just send out an email saying they are working on the problem and will have it fixed soon. As a black man  and Internet user that’s what I want to know. Otherwise how am I supposed to know whats happening. How do I know whats happening behind the scenes at my bank? I’m black and you have to tell me whats going or I get…black!

This really is not a black issue. But we have our opinion about it. Its an Internet issue and most of all a customer service issue. We expect a lot for our money. I think everyone does. But for black people I think I speak for us all when I say ; Don’t ignore me. If there is a problem let me know…now.

The Internet is a color blind technology. When something goes wrong it impacts everyone online. Black people included. Now you know.

African-Americans Embrace Mobile Banking

 

ID-100240439

Image courtesy of Stuart Miles, FreeDigitalPhoto.net

African-Americans are banking on the move. A recent report from Pew Research found that African American and Hispanic people are taking the lead when it comes to mobile banking. The research found that 51% of adults in the U.S. bank online and 35% of cellphone owners bank using their phone.

Among the findings in the Pew study was that the popularity of mobile banking continues to grow among minority groups, especially African-Americans, nearly doubling in two years. Forty one percent of non-whites reported using their smartphones to check their bank balances and make payments. This includes 39% of African-Americans.

Another report from the Federal Reserve Board also found that Black and Latinos were significantly more likely to use mobile banking than whites.

None of these numbers surprised the experts. African-Americans and Latinos appear to be more comfortable using mobile technology and have higher ownership rates of smartphones than whites.  In 2010 survey numbers showed that 45% of Latinos and 33% of African-Americans owned smartphones while only 27% of whites did.  That number grew to 71% by 2013, while the national average was only 62%.

The question has to be why? In a report on Diversityinc.com Assistant Professor of Communications at Rutgers University Vikki Katz said that socioeconomic factors are the reason. She highlighted additional data from Pew research showing African-Americans, compared to other groups, had less overall access to home-based broadband. “Higher rates of mobile banking are not surprising among individuals who, if they choose to do online banking, can only do so via a mobile device,” she said, “as opposed to being able to choose between doing so on a mobile phone or a PC.

A more telling factor is revealed by Dedrick Muhammad Executive Director of the Financial Freedom Center who stated; “Historically, access to brick-and-mortar banks is not as prevalent in African-American communities,” he said, adding that many banks charge higher fees to bank in person than online. “So you have a cheaper product, using a cheaper means that provides greater access to African-Americans. It makes sense that African-Americans use mobile banking more.”

Breaking It Down

African-Americans are using mobile banking for different reasons. And Mr. Muhammad hit it on the head. Many black communities simply do not have banks close by. Or grocery stores either! There are vast empty commerce deserts in black communities where businesses simply do not go. You can find the exploiters there like liquor stores and check cashing businesses but not much else. I am not blaming the businesses. There are problems in these communities. But the working black people there have discovered how to manage their money electronically. They go to their smartphones. And how many of these neighborhoods offer high speed Internet anyway? Starting to get the picture? Now let’s visit the other end of the socio-economic scale. Higher income African-Americans expects ease and convenience just like higher income whites. They have access to the technology, the high speed connections and are early adopters of mobile technology. Banking on the go offers them more freedom to manage their busy lives. Black people have to adapt and sometimes quickly. Mobile technology helps us to overcome the hurdles we encounter. And mobile banking is a big help.