Entries tagged with “identity theft”.


As our society’s digital dependence increases, so does the average person’s credit card usage. More businesses are going paperless – leading to an increase in online payments. Also, in general, online purchases are more popular than in-store purchases. In fact, a 2013 survey by Ebates.com, involving 1,000 U.S. consumers, revealed that 84% preferred shopping online than in-store. In light of these trends, it’s even more necessary to be well-versed in safe credit card usage practices.

One easy preventive measure against fraudulent usage of your credit card, should it be physically stolen, is to opt for including a photo of yourself printed on your card. Many banks already offer this option, which makes it practically impossible for a thief to use your stolen card in physical stores. Keep in mind that this provides little protection against fraudulent online purchases.

When using your card online, check your computer for malware before inputting your card number. Often, malware, acquired via unsafe web surfing, install keyloggers which can record and transmit your credit card information as you type it.

Another method used to steal your credit card information is via phishing sites. Make sure to check the URL or address bar in your browser to make sure you aren’t on a phishing site. Phishing sites perfectly mimic the appearance and functionality of a legitimate site, like Amazon, to trick you into submitting your sensitive information.

The key to minimizing the risk of unauthorized use of your credit card is vigilance. If you approach each use of your card with caution, you’ll avoid most credit card stealing traps.Contact us to learn more about fraud prevention tips.

Living in a modern world of convenience has left us open to vulnerability and fraud. Unfortunately businesses, no matter the size, are not immune to fraud.    According to the Association of Certified Fraud Examiners (ACFE), companies with less than 100 employees lose approximately $155,000 as a result of fraud  each year. It can happen to anyone at any time. To protect yourself and your business, here are some tips on fraud prevention for small businesses.

Credit Cards and Bank Accounts

It seems like common sense to keep this information private, but it is the most common area of fraud in the United States. The first way to protect your  business from fraud is to separate all personal credit cards and bank accounts from your business accounts. This will help protect the business if a fraudster  gets their grubby fingers on your personal information.

Make smart decisions when it comes to credit card usage. Don’t allow employees to use your card or give out your card number to anyone, employee or vendor, in person or over the phone. Making the switch from paper bills to online billing not only helps the environment, but keeps your credit card information from falling into the wrong hands. Using online billing also enables you to check your accounts on a daily basis for any unusual activity. Catching suspicious activities right away minimizes any loss or damage.

Phishing Scams

If you have an email, chances are that you have received a “phishing” email. Whether it’s the Nigerian Prince wanting to transfer money to your account or someone posing as a legitimate business asking for personal renewal information, many people fall victim to these scams every day.  Their goal is to get your personal information in order to steal your money and identity.  While many of these scams seem legit, there are easy ways to recognize if it’s real or not.  Click here to check out an article on how you can better recognize and protect yourself from these scams.

Password Policies

Having a policy in place for passwords is another huge help in protecting your company from fraud. Passwords should be changed regularly, every 60-90 days or so, and you’ll want to establish a new password for each online account. Making your passwords unique is a great precaution as well. A good password will include a combination of letters and numbers so that it’s harder to guess.

Computer Security

In today’s business world, securing your computer is vital. With increasing usage of computers, we are more susceptible to security problems.  A few precautions to take as a business owner should be to have firewalls installed, anti-virus set up to frequently scan for viruses and have routine checks for updates of the computer operating system.  You also want to exercise good care when downloading software or opening attachments.  If you ever suspect that your computer isn’t running normally, have your computer analyzed by a qualified technician.       

Staying Safe Online

One of the easiest ways that businesses get hit is online.  We’ve seen recently a number of well-known companies fall victim to cyber crimes and security breaches including Target and Home Depot.  Smaller businesses have actually started to become bigger targets because cyber criminals know they have fewer resources for defense.  Companies should assess their risks when it comes to potential cyber-attacks and see what policies or procedures they have in place to prevent it.  As companies become more dependent on the internet, they need to take necessary steps to protect sensitive information like customer data, financial records, and intellectual property.  Check out this article on assessing your risk from Staysafeonline.org.

Fraud can happen to any business, even when precautions are taken. Taking the steps to prevent it and following these tips will help lessen the blow if it does occur and help you get back on your feet faster. For more information on safeguarding your business, please contact us.

A major national insurance company announced this week that its network had been compromised and more than 1 million customer records were stolen. Among the data included in the breach are “people’s names and a combination of Social Security numbers, driver’s license numbers, their date of birth, and possibly marital status, gender, and occupation, as well as the names and addresses of employers.”  A company spokesperson said that there is no evidence that credit card information or medical information was involved in the breach.  Affected individuals are being notified and offered free credit monitoring services.

It is interesting to note that this is the latest compromise in which sensitive personal information was stolen, while credit card data seems not have been involved.  A few months ago, South Carolina had a similar type of incident in which social security and banking information was compromised, while the encrypted cardholder data remained secure.  Now, I don’t have any details or knowledge of these events outside what is printed in the releases or articles, but it does leave me thinking of a very important reminder: PCI DSS only addresses cardholder data, not any other sensitive personal information.  Birth dates, routing numbers, social security numbers and other sensitive are left out in the cold with respect to PCI DSS, though they merit just as much, if not more, protection than cardholder data.

PCI DSS only applies to cardholder data.  It provides a baseline of protection for credit and debit card information.  Nowhere in its requirements does the PCI DSS require companies to protect social security numbers, bank routing information, birthdates or any other sensitive information.  Many companies take great pains to comply with PCI DSS and the standard has done a lot of positive things for an industry that desperately needed to implement strong security.  However, simply being PCI DSS compliant does not mean that all the sensitive data in an organization’s environment is protected.  A serious obstacle to overall security arises when companies believe that compliance with PCI DSS equates to security.

PCI DSS provides a good launching point for security initiatives.  Many of the requirements contained in the standards are best practices (if not requirements) for other types of data, as well.  It is tempting, particularly with so much focus on compliance, to focus on PCI DSS and cardholder data to the exclusion of everything else.  It’s important to remember, though, that companies have many types of data in their networks.  Companies would be well-served to conduct a data inventory, find out what they really need and what they don’t need to keep.  If it is needed, then it should be adequately protected. If it is not needed, it shouldn’t be stored.  Excess data is excess liability.

For those of us in the security space, it’s common to hear about crime rings based out of Eastern Europe that are targeting US companies and consumers.  Stealing the data and selling it to make a fast buck has been something that we prefer to identify as something that happens from abroad.  A recent report from ID Analytics, though, tells us that we have plenty of trouble with that particular crime here at home.

ID Analytics, a leader in consumer risk management, has undertaken a study to identify crime rings in the US that specialize in identity theft.  According to the report,  there are more than 10,000 separate crime rings operating in the United States.  Those rings appear to be most highly concentrated  in Washington D.C.; Detroit; Tampa, Fla.; Greenville, Miss., Macon, Georgia; and Montgomery, Ala.    Another unusual finding of the report was that a large number of these rings were comprised of friends and family working together.  You know what they say.  “The family that defrauds together…”

This report is interesting on a couple of levels.  First, there has been an assumption that Identity Theft is often the work of career criminals.  The report seems to contradict this, pointing out the almost communal nature of identity theft rings.  The individuals work together and even share identity information, like social security numbers, in an effort to get new lines of credits.  Secondly, while we do know that many breaches do originate from abroad, it is important that we not overlook the threat that we face here at home.   Another surprising revelation in the report is the genesis of the crimes.  Again, we tend to think of identity theft as an urban crime.  While most of the victims were city dwellers, the report shows that the crime rings originate largely in rural areas.

It would be interesting to see if longitudinal studies would uncover a relationship between the economic downturn, particularly as it hit these rural areas, and the increase in the formation and activity of identity theft rings.  It is sometimes easy to think of identity theft in the abstract, and that may entice people that wouldn’t be attracted to violent crime as a means of supporting themselves.

Pardon the pun, but it seems that another day brings us news of yet another data breach.  In this instance, Northwest Florida State College has suffered a network breach that resulted in the compromise of an estimated 200,000 student records dating from 2005-2007.  As first reported, the compromise was believed to have been isolated to college employees, with even the president of the school reporting identity theft.  What’s worse, is that it seems the data thieves are not being shy about parlaying the theft of data into all out identity theft and larceny.  In fact, more than 100 employees have reported withdrawals from their bank accounts.   According to college president Dr. Ty Handy, “The more common mechanism is to go through a loan company and to secure a loan and to have that loan payment come directly out of the bank account…That’s how I was hit.”

This compromise is, in many ways, worse than having one’s credit card compromised.  In this instance, stolen data included social security numbers, banking information, and birth dates.  This is not just enough information to max out a credit card, but to access bank accounts and even to establish new lines of credit.  The question that comes top of mind as a result is, how should consumers (or even businesses) protect themselves against this type of attack.  There are a few ways to do so, some of them more onerous than others.

1) Monitor financial accounts - this step is something that is, surprisingly, often overlooked.  However, keeping an eye out for odd looking transactions can help to identify this type of theft and allow you to take action quickly.  Thieves and fraudsters bank (often literally) on the idea that their victims aren’t paying close attention.  So they run “test” transactions to see if they can get away with it.  Sometimes, thieves will hold data for more than a year before testing it, just to lull the victim into a sense of security.

2) Place a credit freeze - a credit freeze allows you to control third party access to your credit.  If a lender cannot access your credit history, then they cannot extend a line of credit.  If you are concerned about whether you might be a victim of a data compromise, or identity theft, this can be beneficial.  There are downsides, though.  Most notably. this can make it more difficult for you to open new lines of credit should you want or need to do so.  The credit freeze, which must be placed with each of the credit reporting agencies, remains in effect until you lift it.

For more information on how to detect and respond to identity or financial fraud, check out the Federal Trade Commission’s Identity Theft website.