May 15th, 2015
Jackie here. Could a changing security code be the key to fighting credit card fraud? One card manufacturer hopes that their prototype credit card with a changing verification code (that 3 digit code sometimes called a CVV) will be in your wallet soon. Let’s take a quick look at this idea for fighting credit card fraud.
At first glance, the new card from Oberthur Technologies looks just like any other credit card. It is a standard size and just .76 millimeters thick. The main difference between this card and the ones you already have is the changing code on the back. The code changes every 40 to 60 minutes to a new randomized number. This number is displayed on a small, postage stamp sized screen. The small screen is battery powered and designed to last 3 years without a charge.
If your card information is written down, it won’t work later as the code will have changed. Without the new code, the card won’t work. One potential downside to this is you could not input the card information to make automatic payments for bills and other expenses, as the CVV changes so often.
A Better Solution?
This card is touted as a better solution to credit card fraud than the CHIP-enabled cards companies are now using. These cards have a specialized chip that discourages fraud when used with a special reader, but fraudsters will likely circumvent the chips by heading online where chip verification isn’t currently possible.
Since this card can be used both online and off, it may be a more comprehensive solution to credit card fraud. Only time will tell if this card becomes available to the masses and will really cut down on fraud.
March 3rd, 2015
Jackie here. How many credit cards are in your wallet? A new service called Plastc hopes to replace your many cards with just one. They offer a high tech credit card alternative that stores all of your card information in one place. Let’s take a look at some of the features.
What is Plastc?
Plastc is a one card solution to all of your cards. It can be programed to act as a credit card, debit card, security access card, gift card, and loyalty card. Once your cards are entered into the device (it can currently hold 20 cards), you can access them using the touchscreen display. The card has a magnetic stripe (like your credit card) and a barcode display. It also has NFC and Chip and PIN capabilities. It can be used with all credit cards including Visa, Mastercard, and American Express. Plastc also tracks account balances and spending.
Plastc isn’t just convenient. The creators hope to increase the security of your cards as well. The card uses a secure PIN entry to unlock the card before purchasing. Proximity alerts let you know if you ever leave your card behind. If the card is lost, it can be remotely wiped to protect all of your information.
Cards are available on pre-order right now and cost about $150 each.
Plastc is a neat idea and we’re excited to see how it works out. There is no guarantee it will boost your credit card security but the possibilities are promising. Would you be open to using such a card if it meant enhanced security?
November 24th, 2014
Jackie here. As we head into the holiday shopping season odds are you’ll be making the choice between debit and credit a lot more frequently. Here are some things you need to know before making the choice. Credit cards offer a lot of protection you won’t get from a debit card, and in many cases using credit cards is the safer choice. Let’s take a quick look at some of the critical differences between debit and credit when it comes to card fraud.
Debit- Wait for a Refund; Credit- Don’t Pay if Disputed- With a debit card, banks have up to 10 days to refund money after you file a dispute, leaving you without cash until the matter is resolved (potentially interfering with your ability to pay rent, utilities, etc.). With credit, the disputed charges are put on hold during investigation so you’re not out any cash.
Higher Liability for Debit Card Charges- With credit cards your maximum personal liability for fraudulent charges is $50 (although many card companies offer $0 fraud liability). With debit cards you have a lot more at stake, especially if it takes some time to notice the theft. Debit card holders must report fraud within 2 business days of their statement date for a maximum loss of $50. If the theft is reported between 3 and 60 days the maximum loss on a debit card is $500. After 60 days past your statement date you could be responsible for all money taken from your debit account and possibly more if you have linked accounts. These are not hard and fast rules, but they do make disputing false charges on debit cards more difficult.
Cash Isn’t Always the Solution- Many people assume that cash is the best way to avoid the risk of retailer’s breaches. While paying with cash will protect you in the event of a breach, it still isn’t 100% secure. If your cash is lost or stolen you have no recourse for getting it back; when you pay with plastic (debit or credit) you do have some options.
Before you pull out that debit card to pay for holiday purchases this year, think about it. With the many breaches occurring at retailers a credit card might be the safer choice if you have one available due to the generous credit card fraud protections.
November 17th, 2014
Jackie here. What happens to your credit card information after it is stolen? Let’s take a behind the scenes look into what credit card thieves are doing with your information so you can keep yourself safe from fraud and identity theft.
Card Information is Bought and Sold
Stealing credit card information is only part the first step in the process for thieves. Once the information is obtained, thieves work quickly to make a profit. The stolen card information is typically added to a large database of other stolen cards. Other criminals can then purchase these numbers in bulk to either use or resell. Some criminals make physical credit cards using the stolen information to make in store purchases while others make purchases of items that are easily resold. Card numbers are sold and resold often.
What Makes a Card Valuable?
Not all credit card numbers are valid so thieves typically start with small purchases to determine if the card is good. A variety of factors play into the value of your card to thieves. If all they have is the number, the card is less valuable. If thieves have other information like your SSN, birthdate, or mother’s maiden name, the card is more valuable. Sometimes they use this information to gain access to your accounts. The most valuable cards are the ones where the purchasing history is known. This helps thieves to avoid the fraud filters that banks use based on similar purchasing patterns. For example, if you typically use the card to purchase gas and fast food in Washington, they may mimic this purchase pattern to try and keep the fraud from being detected.
It’s Up to You to Protect Yourself
Your credit card company does try to actively root out fraud using tools like fraud filters, but as you can see, thieves are always looking for ways to circumvent these measures. Only you can protect yourself from ID theft and fraud. Some card companies allow you to set up an account password, limiting the access to your accounts to those that know the password when they call in. Check with your bank to see if this is available. Monitor your bank statements often and keep tabs on your credit reports to look for suspicious activity. Always take action if you notice something amiss. Thanks to the BBB for shedding the light on how thieves use stolen credit cards.
October 22nd, 2014
Jackie here. Apple Pay, a new payment service from Apple is now rolling out across the country. It eliminates the need to carry physical credit cards by turning your smartphone into a payment method itself. Some security experts even hope that the new service will improve card safety and reduce the risk of credit card fraud.
How Does Apple Pay Work?
Apple Pay works differently than a traditional credit card. Before a card can be used, it must be added as a payment type. This can be done by authenticating a card already registered with iTunes, by entering information manually, or by taking a picture of the card. The real card number isn’t stored on the phone, but rather assigned a special number which is paired to the card. Retailers won’t see your actual card number, giving consumers an extra line of protection against credit card fraud. Actual card numbers will only be used by card issuers and banks to process the payment, even Apple won’t have access to your card number once it’s registered.
Apple Pay eliminates the need for physical cards as payment information is transmitted from the phone to the terminal. Once the payment is initiated the payee uses their fingerprint to “sign” for and allow the purchase (potentially eliminating unauthorized use of Apple Pay).
Is Apple Pay Safe?
Security experts see hopeful signs that Apple Pay may be more secure than a traditional credit card, but we won’t know for sure until the system rolls out and is tested for a while. Only time will tell whether it will offer the security that Apple hopes or whether the secure databases will be vulnerable to hacking. Since Apple Pay uses existing credit cards (Visa, MasterCard, etc.) to process payments users are entitled to the fraud protections their cards already offer. It will only be available to iPhone 6 users at roll-out and will only be accepted by a limited number of retailers.
Are you planning to try Apple Pay?
July 14th, 2014
Jackie here. Last week I got a new credit card in the mail, but this one didn’t look like its predecessor. It has a new microchip feature embedded into the front of the card. The feature will be rolling out on many credit cards across the country in the coming months. How do the microchips work and why do credit card companies hope they’ll make your information more secure?
Fresh Information for Every Transaction
Chip cards work a little differently than magnetic strip cards in that they create new information for every transaction. This means that if your information is compromised (a common problem these days) it can’t be reused for other transactions. This has the potential to protect consumers and credit card companies from large losses when information is compromised. It also saves companies the hassle of sending out a new card every time your information is compromised.
While the chip technology is new to the United States, it has been used in other countries (including the UK and Canada) for decades now. Most cards include the microchip and a standard magnetic stripe, allowing consumers to use their cards with either method depending on the technology available at the particular merchant.
Not a Magic Solution to Fraud
While the new chip cards are more secure than magnetic strip cards, it is important to note that there is no magic solution to fraud. As a consumer you are legally entitled to protections (like limited fraud liability) as long as you report problems in a timely manner. The new chip cards might reduce your risk of credit card fraud, but they won’t entirely eliminate it. It is still your responsibility to carefully monitor your accounts and look for errors and discrepancies and to report them immediately.
Have you received a new chip card yet?
April 23rd, 2014
Jackie here. I take comfort in knowing that my ATM has a daily withdrawal limit. I feel secure knowing that should my account become compromised, only a few hundred could be taken (while this is still a lot of money, it is much better than the alternative of having the entire account drained). A scary new development in ATM hacking allows scammers to change limits, making unlimited withdrawals.
This scam is often used over holiday weekends when the banks place extra money in their ATMs. With no caps, scammers take nearly unlimited amounts from accounts, often withdrawing much more than the accounts actually contain. One recent attack took $40 million from just 12 accounts.
While this is scary news, you can take some comfort in the fact that the losses from the stolen money are covered by various banking laws and insurance programs. You will be reimbursed for the lost money eventually, although it may take some time. Prepaid debit cards do not have the same protections which can lead to consumer losses in cases of theft—it may be best to avoid prepaid cards for everyday use.
How Does it Work?
This scam requires several different attacks to banking systems to gain the necessary information to execute the attack. Typically scammers obtain login credentials to banking software systems using phishing or malware attacks. Once the scammers can log in to banking systems to lift limits, they use fake debit cards made using numbers they’ve obtained through other attacks. The scammers then use these fake cards to clean out ATMs, typically over weekends or holidays.
What Can You Do to Protect Yourself?
Although many losses from this scam will be eventually returned, it often isn’t worth the hassle and huge amounts of effort you may have to expend. Protect yourself from ever falling victim. If you can, skip the debit cards and use only a credit card instead. If you’re worried about the possibility of accruing debt, treat the credit card like a debit card and only purchase things you can afford and immediately pay the bill after making a purchase. More importantly, be wary of prepaid cards as these do not have the same legal protections as a traditional debit cards. This helpful guide will help you understand the differences in your protections when using credit and debit cards.
Monitoring your accounts carefully will also help you to find and report any discrepancies early.
Learn more about this scam here.
April 11th, 2014
Jenna here. This week produced a lot of cyber security and identity theft news. Here are a few of our favorite articles (and a video) from this week.
The Truth About Using Debit vs. Credit, USA Money
If you are unable to see the video, click here to watch: http://www.usatoday.com/story/tech/columnist/komando/2014/04/11/4-places-you-should-not-swipe-your-debit-card/7436229/
Why U.S. Retailers Are Still Vulnerable to Card Fraud, Bloomberg Businessweek
February 25th, 2014
Aaron here, AllClear ID Investigator. Getting a letter from a creditor explaining that your credit card information may have been compromised in a data breach can be very upsetting. Recent high-profile breaches have caused greater concern about debit and credit card fraud, and more people are asking “What should I do if this happens to me?”
What to Do
Credit card fraud can be a headache to deal with, but there are some simple steps to make it less so. Most people who have credit card fraud have to wait until the charge gets out of the pending stage and posts to the account to dispute all charges with the credit card company. Depending on the amount of the loss, the bank may also require an FTC affidavit or a police report before they will clear you of the fraud. This process can take a good amount of time.
If by chance you find you are affected by a breach like this, here are some tips that will help you in dealing with it:
First off, don’t panic and get as much information as you can about the breach. Next:
• Contact the issuer of any cards which may have been affected and let them know what’s happened. See if they have any options for added security on the card or, as we usually suggest, just request that they replace it with a new card and new number. This will help prevent fraudulent charges in the future.
• If you find that you already have fraudulent transactions at the time of the notice, contact the credit card issuer and let them know what charges are not yours and request they initiate the dispute process. This should include them automatically shutting down that card and replacing it with a new one.
• Remain calm and follow instructions provided by the creditor. Their dispute process should reimburse you fully for fraudulent transactions.
As a credit card holder, you have the right to contact the credit issuer and ask to set up increased security measures for that credit card regardless of whether your information has been breached or not. Most offer some sort of security measure ranging from setting passwords to ensure no one can call in and change info on your account without it, to having someone from the security department of the bank contact you about any suspicious charges to make sure they are legitimate. For more information on what type of security features your credit card company offers, contact the customer service department of the financial institution that issues your card.
And, as always, if you have experienced fraud or simply wish to ask for questions or guidance you can always reach out to the team here at AllClear ID via Facebook, Twitter, Support@AllClearID.com, or via phone (855) 434-8077.
February 7th, 2014
Juan here, AllClear ID Investigator.
Skimmers: You might have been affected by one already. I know I have, and help many people each week who have fallen victim.
A skimmer is a device that can be affixed to an ATM, gas pump, or any other credit card reader. Its purpose is to store or transmit the card data, sometimes including a PIN. It is, without a doubt, a problem across the nation. If you are ever wondering how it is that your credit card number was compromised, or how an account was charged while you are still in possession of the card, it is likely the card number was skimmed.
These machines are very hard to detect, and, as you can see, serve only one purpose – to intercept card data. One would think that this kind of device is illegal, but, it is not – well, at least not everywhere. (Yet?)
In an attempt to crack down on credit card skimming, Michigan has now made it illegal to sell, buy, or use a skimmer. Violating the law carries a felony punishment of up to five years in prison and a $100,000 fine. Unlike most items that go to the legislature, this one received unanimous support.
I can only hope that this becomes a model law for other states. As it is, continue to look out for skimmers and check your credit card statements and credit report for any unauthorized charges.
February 6th, 2014
Jackie here. Do you check your credit card statement each month? If not, you are just the type of victim the scammers in this new scam are looking for. Check your statements carefully (monthly at least, but more often if you can) and be on the lookout for any charges you didn’t authorize—even small ones.
In this new scam small charges are appearing on credit card statements that appear to originate from an unknown website. Victims of this scam that notice the false charges often visit the listed website for more information. They are directed to a customer service page with a call in number. Upon contacting the company they are promised a full refund (which probably won’t occur). In recent versions of the scam, the reported charges are $9.84, but this is likely to change as more people learn about the scam.
The scammers are preying on the fact that few people check their bank statements. They assume that most people won’t bother to contest (or even notice) such a small charge. The amount taken might appear small, but even small amounts taken from many people can add up to big dollars for the scammers.
How to Protect Yourself
The easiest way to protect yourself from this scam and other similar ones is to check your credit card information often. Write down the purchases you make and compare them with the amounts charged on your card to ensure they match. Report any discrepancies to your credit card company. In most instances you are you are legally entitled to fraud protections should your card be compromised, provided you report the problem quickly.
In addition to watching your statement, be aware that this scam is going around. If you do see a charge from an unknown company, contact your credit card company, not the company in question. Request a new card, even if you’ve been assured the false charge has been cancelled.
Learn more about this scam here.
January 29th, 2014
Jenna here. Our favorite articles for this week are here (finally). We have expert tips about how to boost the security of your payment cards in simple ways, as well as information about how the NSA might be using a favorite phone app to gather more information about you. Enjoy!
How to Boost Security of Your Payment Cards, USA Today
A Little (Angry) Bird Told the NSA What You’re Up To, ABC News
January 20th, 2014
Robert Siciliano, Identity Theft Expert
America the Superpower is also the super choice for criminals wanting to steal credit card information. Security experts warn that this problem will get worse before it improves.
That ancient technology of the magnetic strip on the back of credit and debit cards is a godsend to criminals. The easy-to-copy band stores account information using a technology the same as that of cassette tapes. U.S. credit card technology has not kept up with fraudsters. One challenge facing the industry is that it is very expensive for companies to upgrade their credit card security.
When a card is swiped, the strip allows communication between the retailer’s bank and the customer’s bank: 1.4 seconds. That’s enough time for the network to record the cardholder’s information on computers controlled by the payment processing companies.
Hackers can snatch account data (including security codes) as it crosses the network or steal it from databases. Though the security code is required for most online purchases, thieves don’t care as long as the magnetic strips are easily reproducible and placed on fake cards—which they then use for purchases or sell the card data online. Three bucks will get you a fraudulent card with limited customer information and a low balance.
You’ll have to wait at least until the fall of 2015 for U.S. credit card companies to ditch the magnetic strips for digital chips. Retailers want more: each transaction to require a PIN rather than signature.
What can retailers do in the meantime?
- Internet-based payment systems should be protected from hackers with strong firewalls.
- Data should be encrypted, so that hackers see gibberish.
This may be easier said than done, because implementing these safeguards isn’t cheap. The U.S. lags behind most other nations when it comes to credit and debit cards; most countries’ cards use the digital chips that contain account information.
Every time the card is used, the chip generates a code that’s unique. This makes it a lot harder for criminals to duplicate the cards—so difficult, in fact, that usually they don’t even bother trying to replicate them. It would really be great if the U.S. could catch on to this technology.
Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.
November 22nd, 2013
Tamara here, AllClear ID Investigator. Visa has announced that it has enhanced its Advanced Authorization (VAA) technology to help detect and prevent possible electronic payments fraud.
Visa Advanced Authorization (VAA) is a risk management tool related to payment processing. It monitors and assesses the authorization request based on a number of different factors, including account data and event data. It then populates a message (a VisaNet authorization message) that includes a Risk Score and a Compound Account Risk Condition Code. The Risk Score indicates the chances the transaction itself is fraud, and the Compound Account Risk Condition Code assesses unusual activity and assigns a risk evaluator.
About the Improvements to VAA
Improvements to the VAA are numerous. One such improvement is to the specific account profile. Visa has added more transactional history data, along with the additional neural networks to analyze that data. Improving the account profile, a major component in calculating the Risk Score, greatly improves the accuracy of detecting fraud in debit and credit transactions, both in person and online (or any other place where the card is not present during the transaction).
In addition to improving the account profile, Visa has increased the risk indicators for the Automated Fuel Dispensers (AFD) transactions. When Visa detects suspicious activity at a specific gas station, it applies the risk indicators to each transaction processed at that station. It also applies the account activity at AFDs compared to the account’s legitimate trending in the risk score determination. Implementing these improvements are effective in fraud detection of transactions for both consumer, commercial, in person, and card not present transactions.
As Mark Nelsen, Head of Risk and Authentication Products, Visa Inc., states, “Cardholders, merchants, and issuers all want to have confidence in the convenience and the security of every Visa transaction. The great improvements we’ve made in Advanced Authorization this year were designed to do just that: fight fraud and its costs to financial institutions and merchants, while also ensuring legitimate transactions are handled with the speed and convenience that consumers and merchants want.”
For consumers, changes to this system could mean increased security and a lower chance of payment fraud, but we will have to wait and see to what degree these changes help.
September 30th, 2013
Christy here, AllClear ID Investigator. An unfortunate truth these days is that almost everyone is aware of the real threat of identity theft in its many forms, especially takeover of existing accounts. But how many of us are clear on why the credit card company isn’t responsible, and why the consumer cannot take legal action against the creditor for identity theft damages? There are a few logical theories, however, the main reason is in the fine print of the agreement signed when you opened the account. Many credit card contracts contain a mandatory arbitration provision which states that your consent to opening the credit card waives your right to a jury trial should disputes arise. Basically, any issues/disputes have to be settled through arbitration, for which the creditor selects and hires the arbitrator. A loss on the consumer side may result in the consumer paying those arbitrator fees.
All of this being said, there are beneficial clauses in the agreement a consumer signs when opening a credit card. The biggest one is that, under the Consumer Credit Protection Act, a consumer is not liable for more than $50 of unauthorized charges. Also, the consumer is not liable for any additional charges that occur after they have reported a card stolen or compromised. As for the fee, many times the issuer will waive the $50, though this is a decision completely owned by them. If the credit card number, but not the card itself, is stolen you are not typically held liable for any unauthorized use.
As you can see, the agreement signed upon issuing a credit card is something that is there to protect both the issuer and the consumer. As for detecting any unauthorized activity, the best thing anyone can do is be vigilant about monitoring your statements, shredding sensitive documents, and being wary of suspicious links or card readers. Some credit issuers have additional services they offer for monitoring your account, however the availability (and cost, or lack of) will vary from creditor to creditor.
August 16th, 2013
Jackie here. On a recent trip to the grocery store I pulled out my credit card to pay for groceries, only to have it declined. It was quite embarrassing. Luckily, I had another card on hand and was able to make my purchase. I left the store and immediately called the bank to see what was happening. They told me a fraud alert had been placed on my card. After I answered a few questions, the hold was removed and my card was back in working order. But, a question remained: what triggers a fraud alert on your credit card?
Potential Triggers for a Credit Card Freeze
Credit card companies want to minimize fraud and reduce the amount lost if a credit card is stolen. They have developed complex processes to identify potentially compromised cards. While many factors can lead to a freeze on your card, there are a few red flags that card companies may be watching out for. Check out a couple of interesting articles on the topic here and here.
Gas Station Purchases
I buy gas with my credit card all of the time, but surprisingly this can be a trigger for a fraud alert on your card. Thieves often test cards to see if they are working by making a small purchase or by filling up at a gas station. Gas stations are a great place to make a test purchase since you can usually pay at the pump without ever having to show id or even talk with an employee. If buying gas always resulted in a fraud alert, no one would use their cards to fill up; alerts are more likely when getting gas in a different part of town or in a different city than usual.
Shopping in a Fraud Prone Area
Making purchases in a known fraud area can be another red flag for your credit card company, especially if the purchases are for large dollar amounts or on merchandise that is easily resold (think electronics, gold, jewelry, etc.).
Using the Card to Get Cash
Getting cash with a credit card (or buying gift cards and other similar items) can be a potential sign of fraud to your bank. ID thieves are often after financial gain, and taking out cash directly eliminates the need for them to use the stolen card to buy items, and then resell those items for cash.
If your card is being used to make purchases across the country or around the globe, it might be flagged for fraud. This often leads to vacationers or frequent business travelers getting the unfortunate surprise of a card that won’t work. To eliminate this flag for legitimate transactions, call your bank and let them know the dates and location of your vacation before you leave.
Changes in Purchasing Patterns
Most people are pretty consistent in their spending habits. They shop in the same areas, buy the same type of things, etc. Changes to this pattern can trigger a fraud alert. Since your credit card company has an extensive history of your purchasing habits, they know the type of things that you are likely (or not likely) to buy.
Fraud holds on legitimate transactions might be irritating, especially when there is a fairly long list of triggers banks use to detect fraud. However, these fraud holds are often the first warning sign of id theft and credit card fraud that many consumers receive.
August 12th, 2013
Jackie here. We’ve been talking a lot about “Big Data” lately and I have to admit it makes me feel a little paranoid. When I swipe my credit card at the grocery store or make a purchase online I can’t help but wonder what information merchants are collecting and sharing about me. While there is probably no way to fully escape the big data trend, there are some ways to incorporate more anonymous spending into your daily routine, if you are looking to get away from the trend of companies tracking your purchase history. Let’s take a look at some of the benefits of purchasing anonymously.
What Are the Benefits of Purchasing Anonymously?
This article by Forbes provides some interesting insight into the benefits of making anonymous purchases. Check it out if you have the time. Some of the benefits of anonymous purchasing include:
- Avoid Marketing for Purchases- Card companies monitor and record each and every purchase you make. This information is often sold to marketers who may send you targeted advertisements based on your purchasing patterns. By using an anonymous card, you may be able to avoid much of this targeted advertising.
- Keep Information Out of “Big Data’s” Hands- We’ve talked quite a bit about the dangers of sharing too much information. By using an anonymous credit card you limit the information you share with data companies. This may be a helpful way to cut down on the amount of information about you that is available to data brokerage firms and advertisers.
- Avoid Fraud- Many people use anonymous cards to protect their bank accounts from unauthorized purchases and credit card fraud. With a prepaid card, the amount you could potentially lose is limited to the amount on the card, whereas with a bank account you could lose everything. This gets a bit tricky though when you factor in the fraud protections available to you. Regular credit cards and debit cards have limited consumer liability if the card is used fraudulentl. With prepaid cards, the protections are much weaker.
- Don’t Ruin the Surprise- When you share accounts with a spouse or significant other it can be hard to buy gifts. Your partner often knows exactly what you’ve purchased from online records. Anonymous cards can help you buy a surprise that will actually stay a surprise.
Do you use anonymous cards? What are your reasons?
July 29th, 2013
Jackie here. As I’ve grown older, I’ve stopped using the credit cards I’d gotten as a teenager and started using cards with higher limits, rewards, and lower interest rates. My old cards are simply put away, the accounts still open but forgotten. These credit cards are at risk for compromise, just like the other cards I use. Don’t think that a dormant credit card can’t be used by id thieves.
One employee at a credit card company started creating new cards for dormant accounts. She would then provide these cards to accomplices to rack up charges on the stolen account numbers. In this particular instance, the cards were used to buy construction materials which were then either used or sold. In total, more than half a million dollars was stolen, all from dormant credit card accounts.
This story is an excellent reminder to not forget about those old or rarely used cards. Make sure you regularly check the statements for all your credit cards, even those you don’t use often. If you have many dormant cards, you may want to consider closing some of the accounts entirely, and consolidating the number of credit cards you have in your name. In fact, dormant cards might be more appealing to id thieves since the accounts are often not monitored and the theft may take longer to discover. Finding the signs of compromise early on is essential and makes it easier to resolve id theft. You can find a list of all the credit cards in your name on your credit report.
Check out the full news story here.
June 21st, 2013
Jackie here. What will the credit card industry look like in a few years? I recently stumbled across this article about the future of credit cards that got me thinking about the future of id theft in relation to credit cards. While only time will tell where we will be in a few years, it is interesting to consider some of the changes that may soon be coming our way.
Credit Cards and Big Data
Your credit card company knows a lot about you. They know where you spend your money, what you buy, and how much you make. To earn extra profits, credit card companies may start tracking and using this information to provide relevant offers. I know that some of my banks currently include small advertisements in my online statements directing me to savings if I make a purchase from select companies. For example, if I make a purchase at a hardware store, I may later see an ad offering 5% savings if I purchase from their competitor the next time around.
Increased Mobile Offerings
Credit card companies may also increase their mobile offerings. The article I read mentioned offering deals to mobile customers on the go, but other potential arenas for mobile expansion include mobile payments and other apps that can make banking, budgeting, and finances easier to manage on the go.
Less Junk Mail
Advertising isn’t going to stop, but odds are we’ll see changes in the ways companies reach out to their customers. Junk mail will probably decline, while social media marketing is likely to increase. Other forms of online media are important as well, including blogs, websites, etc.
Identity Theft Still a Problem
As the industry integrates new strategies into their operations, credit cards will remain a target for id thieves. Understanding your rights as a cardholder, knowing what legal protections you have and being smart about the way you access your accounts online can help keep you safe.
Keeping your identity safe means staying aware of changes in the credit card and financial industry, and protecting yourself from credit card fraud. While we don’t know where the future will take credit cards, we’ll help keep you updated here on the AllClear ID blog.
June 20th, 2013
Jackie here. I’m certainly looking forward to traveling this summer; I plan on seeing lots of exciting new places and hopefully keeping my identity safe and sound at home where it belongs. One tool that may help keep some travelers safe on the road is a new type of RFID-blocking luggage designed to shield smartphones, tablets, and RFID chipped credit cards from wireless attacks on your identity. Check out this article for more information.
What Are Wireless Attacks?
Even if id thieves don’t have access to your actual credit cards, they may be able to get information off of them. If your cards are embedded with an RFID chip (currently few cards in the U. S. use this technology, but it is gaining in popularity) thieves can use a special device to siphon information such as the credit card number and security code remotely. RFID technology isn’t just limited to credit cards though; passports are another potential target. Wireless signals transmitted from smartphones and other devices, while not RIFD enabled, are also vulnerable to wireless attacks.
Blocking the Signal
Since thieves can access this sensitive information without ever having to physically touch your card, passport, or wireless device, keeping your information safe can be difficult. New technology in the luggage industry seeks to combat this problem by creating special RFID-blocking pockets that can keep your personal information shielded from thieves. The pockets block transmission of electromagnetic signals, making it impossible for thieves to gain access to credit card information, even if your card uses an RFID chip. Additionally electronic devices placed in the pockets cannot connect to wireless networks or transmit information while inside the luggage.
Other Tips for Keeping Safe
While the new luggage options may be a wise choice for some travelers, there are a few steps you can take while you travel to keep you identity safe without having to go out and buy a new suitcase. Here are a few tips for protecting your identity on the go:
• Turn Off Your Device- While RFID blocking pouches can keep small electronics from accessing wireless networks, turning off your device can be equally effective. If you’re worried about someone accessing your device remotely, you can turn it off and remove the battery before you travel.
• Don’t Automatically Connect- Another important security setting on wireless devices involves ensuring that you don’t automatically connect to unknown networks. Turn the Wi-Fi settings for automatic connection off and instead manually connect to networks you trust only.
• Don’t Store Passwords on Your Phone- Storing a password on your phone is easy, but poses a big risk to your identity. Manually input passwords for things like social networking sites, online banking, etc. each and every time rather than saving the information to your phone.
May your summer travels be filled with fun and free from identity theft!
October 11th, 2012
Matt here, with the AllClear Investigation team. Most people are well aware of the variety of phishing scams out there. “Phishing” is attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication or over the phone.
A popular financial institution being used for a recent scam is Citibank. There are many reports already out regarding hoards of phishing emails supposedly from Citibank, which supplement the large number of customers who have reported these to us. These emails claim that, due to multiple failed login attempts, the account holder must confirm account information or the account will be suspended indefinitely. The unsuspecting Citibank customer will then click on the link provided which routes them to a website that the scammers have created. This website looks like the legitimate Citibank website and asks for personal information which can then be harvested by the scammers and used for credit card fraud and identity theft.
A brand new scam that we’ve found with our customers involves phishing phone calls has now been popping up. The victim will receive several phone calls pretending to be from Citibank. They will leave a voicemail asking for a call back to discuss “your Citibank account”. These phone calls will be sent out by the thousands, and at least a few of them will reach actual Citibank customers. When the victim calls back the number provided, they hear a recording that sounds identical to the recording you would hear when you call the real Citibank. It will say “Thank you for calling Citi cards, servicing Citi and AT&T Universal card accounts. For assistance in English press one.” “This call may be monitored and recorded for quality assurance. “ It will then ask you “to expedite the handling of your call by typing in your 16 digit account number”. Once you have typed it in, the phone disconnects. Now the scammers have taken your credit card information and soon after will be maxing out your account.
To protect against either of these types of scams, just always remember that legitimate companies do not do business this way. If you ever receive an email or phone call saying that there is a problem with one of your accounts, do not follow the steps that you are instructed to follow. Instead, call the phone number listed on the back of your credit or debit card. The customer service representative on the other end will be able to tell you if there is actually a problem with your account.
October 10th, 2012
Tamara here with the AllClear Investigators. It’s hard to find anyone nowadays that has not had fraudulent charges on their credit or debit card. It can happen a number of ways, whether the card was skimmed, the number compromised in a breach, physically stolen, provided to a scam artist, or obtained online as a result of malicious software. Per the Federal Trade Commission and the Consumer Sentinel Network Report, 8.1% of complaints filed involved existing account fraud at banks and for credit cards in 2011. Though that is a 1.4% decline from the previous year, it is still an issue which needs to be addressed.
One route card issuers are taking to help combat this type of theft is the implementation of EMV chip cards. EMV stands for Europay, MasterCard, and Visa. An EMV card would help ensure secure transactions with dynamic authentication and chip technology. Let’s take a look at these.
Dynamic authentication uses cryptography (or other means) to create a one-time use authenticator, which changes with each transaction. Essentially, a different seal for each charge is created and verified. This is helpful in reducing fraud by limiting a thief’s ability to duplicate the authenticator.
For chip technology, the card is inserted to an acceptance device and initiates contact and exchanges data with the terminal. Another form of chip card technology is where the card is waved over a reader, communicating via radio frequency. Additionally, the cardholder verification is secured by the chip when the correct PIN (Personal Identification Number) is entered.
The chip itself will help to reduce fraud due to the fact that the information cannot be skimmed. Magnetic strip cards are easily skimmed with the cardholder being unaware, until the victim discovers the fraudulent charges.
That being said, EMV transactions are still vulnerable to “man in the middle” attacks. Put simply, the stolen card is inserted into a “man-in-the-middle” device then used as usual. The criminal can enter any PIN and the device will randomly generate the authentication seal and confirm the PIN, authorizing the transaction. Though the PIN was not correct (they could enter something as simple as 0000), it is reflected on both ends as being so. A larger down side of this is, because records will show a “correct” PIN was entered, it can make it difficult to dispute the charges.
Though cards have been issued worldwide – over 750 million – they are slowly migrating to the United States. Be sure to inquire about EMV technology and whether or not your financial institution is planning on implementing this new technology.
Note: For clarity edits were made on 11/5/2012 to the following parts of this blog post:
- Sentence: This is helpful to reduce fraud due to the reduction of duplicity. Changed to: This is helpful in reducing fraud by limiting a thief’s ability to duplicate the authenticator.
- Sentence: For chip technology, the card is inserted to an acceptance device and imitates contact and exchanges data with the terminal. Changed to: For chip technology, the card is inserted to an acceptance device and initiates contact and exchanges data with the terminal.
September 5th, 2012
Aaron here, with the AllClear Investigation team. Credit is one of the first places identity theft is discovered, so knowing the status of your credit is an important step when thinking about applying for a credit card. As easy as it is to apply, we recommend you not jump straight into the credit application process before reviewing your credit and taking care of any problems you may find. This is important as every time you apply for a credit card the creditor does a “hard inquiry” on your credit report. Each time this is done, your credit score is lowered temporarily, so the best option you have is not to apply unless you are confident you will be approved. The standard hit to your credit score per inquiry is approximately 5 points, lasting for 6 months from the date of the inquiry.
Bad credit history – even as the result of identity theft – could make you ineligible for the credit cards that offer lower interest rates, higher limits, cash back offers, and other good benefits. A lot goes on behind the scenes when you apply for a credit card, so review my recommendations below before applying for a credit card.
Know your Credit Score: Checking your credit score does cause an inquiry however it is what is called a “soft inquiry” which does not affect your credit score. Your credit score can range from 300-850 and is a result of your reported credit history. The lower your score, the higher the risk for creditors to decline you or may result in approval but with much less favorable terms. As for your credit history itself, there are three major credit bureaus to which is reported – Trans Union, Experian, and Equifax – who each hold an individual credit score based on five factors:
- 35 percent – Payment History
- 30 percent – Amounts Owed
- 15 percent – Length of Credit History
- 10 percent – New Credit
- 10 percent- Types of Credit Used
Each bureau usually has slightly different scores then one another, because each bureau may show slightly different information depending on the reporting practices of each creditor.
Pull Your Credit Report: Your credit report stores the information used to compute your credit score. Every consumer is entitled to one free credit report per bureau, per year. We suggest using only www.annualcreditreport.com to request your free annual credit report as there are no hidden fees – you only incur a cost if you want your credit score with it or have pulled the report in the past 12 months. We also recommend pulling 1 of your free reports every 4 months instead of pulling all 3 at the same time so you can review them for free throughout the year.
Clean Up Any Issues: If inaccuracies are found on any of your credit reports, you have the right to dispute it and each bureau has 30 days to respond. If the dispute is resolved in your favor, the information will be removed/updated on your credit report which can also result in an increase in your credit score. You also have the right to add a short statement to your credit report (100 words or less) where you can explain any issues that may be contributing to your credit history.
Apply: Once you’re ready, know that a credit score of 650 and above will likely qualify you for credit cards that have lower interest rates and extensive benefits including cash back. Shop around for the best card offer, including interest rate and perks, and once approved, use it wisely!
August 8th, 2012
Jackie here, with AllClear ID. Did you know that it may be possible to pay for items using your mobile phones? Mobile payment are becoming increasingly popular and their prevalence is only expected to increase in the coming months and years.
There are several different types of mobile payment options available, each with their own identity theft risks. Let’s take a look at a few:
Mobile Phones with RFID or NFC Technology- Today’s phones can easily be equipped with a chip that can wirelessly transmit your credit card number to a retailer – if they have the right technology. Currently, only about 10% of retailers are making use of this technology, but as prices come down, this could become more common. There are concerns that this type of payment method may not be secure, but manufacturers of this technology believe it may be more secure than credit cards since phones can be shut down remotely if they are stolen. More info on this topic available on USAToday.
Adding Charges to Phone Bills- Another method for making mobile payments involves adding charges directly to a phone bill. You may have seen this in action when buying a ringtone or game through your phone. The charges are automatically added to your bill and you pay directly to your phone provider when your bill comes due. One identity theft concern with this practice is known as “cramming”. It isn’t anything new, but has become a cause for concern again in recent months.
“Cramming” is the practice of adding fraudulent charges to your phone bill. These charges are often small to avoid detection and may look like they belong on your bill. The best way to combat them is to pay attention. Watch for suspicious charges on your phone bill and report them to your phone company should any occur. Some phone providers allow you to opt-out of third party charges so these will never appear on your phone bill. Learn more about this practice on the US Department of Justice Blog.
Other Mobile Payment Options- Other mobile payment options are becoming increasingly available. Phones may be able to store copies of credit information and credit card scanners are available for smart phones. Companies like PayPal are also getting on the game offering consumers the option to pay using their accounts at checkout at brick-and-mortar retailers. We will probably see many new payment methods available in the next few years.
The best way to keep on top of the new options available is to pay attention. Examine your credit card statements carefully. Don’t forget to check your phone bill for suspicious charges. Being aware is one of the best ways to prevent id theft and catch it early on if there is a problem.
August 3rd, 2012
Jackie here, with AllClear ID. We often talk about phishing and email scams here on the blog, but phishing isn’t just something to be on the lookout for when you check your email. Id thieves use phishing tactics to solicit personal information in other places across the web as well. Always be cautious when sharing personal information and pay special attention when visiting banking and financial institution websites.
Check out this warning we found on Chase’s website about viruses and malware that can solicit your personal information. Basically, your computer is infected by a virus when you visit an infected website or open an infected email. This virus doesn’t do anything right away; it lays dormant on your computer waiting for you to visit a targeted site, such as Chase. It then creates a pop-up window asking for personal information like your account number or Social Security number. This pop-up isn’t generated by the site you are visiting. Instead, it is a tactic used by identity thieves to get your personal information.
If you see a pop-up like this, don’t fill it out. Report the problem to your bank and get your computer checked out. You may need to update your anti-virus software or you may have contracted a virus that your software doesn’t recognize.
Banks don’t typically ask for personal information like Social Security numbers or account numbers when you are logged into your accounts. On their website Chase says, “We don’t ask you for personal information such as PINs or complete account numbers when you are logged in or through e-mail. We may ask for a mother’s maiden name or a Social Security number on an application that you initiated, but it is not our practice to ask you for personal information in this way or through an e-mail.”
If you are in doubt about whether or not your bank is requesting personal information, give them a call and ask. Use a known phone number to contact them. It is always better to be a little too cautious than to inadvertently share your personal information with an identity thief. If you have shared personal information or filled out a form like this, contact your bank immediately.
Keeping up to date on your antivirus software and using caution whenever you share personal information online will help protect you from id theft. To learn more about id theft and the banking industry, head on over to the FDIC’s identity theft information site.
July 2nd, 2012
George here, AllClear ID Investigator. Consumers in debt often ask if they could go jail due to not paying collection agencies attempting to collect on past due accounts. The U.S abolished debtor’s prisons around 1850’s but the answer is, technically, yes and no. Debt collectors commonly use publicly funded courts, sheriff’s deputies, and country jails to pressure people to pay. They’re technically not arresting for nonpayment, but for failing to respond to court hearings, pay legal fines, or otherwise showing contempt of court in connection with a creditor lawsuit.
You can go to jail only if the credit card company can prove in a court that you intentionally set out to defraud the credit card company. Opening a credit card, maxing it out and never making a payment is usually considered fraud. The fact that you did make payments at one time works in your favor.
Ignoring a court order is what can land you in jail. When a creditor sues you, the court will order that you pay the bill in installments. The judges recognize that you probably don’t have the money to pay it all at once. Most court rulings do carry interest at various rates set by rule or statute. If you don’t pay the installments, the court won’t order you to jail, but it will give the creditor some power to pursue your assets. This can come in various forms such as a lien on your home, a pay garnishment, an attachment of your bank account or some other seizure of your property. If you have nothing to seize, there is still no jail time. A creditor who has a judgment against you can subpoena you to an examination to see what they can recover from you. Ignore that subpoena and you are in contempt of court. If you have filed for bankruptcy, the Federal Bankruptcy system preempts the state court system and you’ve avoided going to jail.
A 2010 report by the American Civil Liberties Union that focused on only five states – Georgia, Louisiana, Michigan, Ohio, and Washington – found that people were being jailed at increasingly alarming rates over legal debts. That loophole has lawmakers in the Illinois House of Representatives concerned enough to pass a bill in March that would make it illegal to send residents of the state to jail if they can’t pay a debt.
According to a report by the New York University’s Brennan Center for Justice, some states also apply late fees, payment plan fees, and interest when people are unable to pay all their debts at once, also known as poverty penalties. Alabama charges a 30 percent collection fee while Florida allows private debt collectors to add a 40 percent surcharge on the original debt. Some Florida counties also use so-called collection courts, where debtors can be jailed but have no right to a public defender.
If you are summoned to court regarding a collection, don’t ignore it. As long as you show up or respond to the claim, even if you cannot pay the collection agency, you can’t be arrested for the past due debt.
May 25th, 2012
Jackie here, with AllClear ID. We talked a lot about id theft and taxes at the beginning of this year. Tax related identity theft is a growing problem. According to a recent Treasury audit, it affected 641,052 taxpayers in 2011. One of the biggest problems with this type of id theft for law enforcement is being able to easily access the needed records to move forward with an investigation. A new pilot program launched by the IRS may make it easier for law enforcement to find and prosecute perpetrators of tax related id theft.
The IRS pilot program is currently available only to law enforcement officials in the State of Florida. This program will allow local and state law enforcement to have access to fraudulently filed federal tax returns. In order to access the return law enforcement will need to provide a consent form signed by the id theft victim. Upon supplying the signed form, law enforcement officials can request copies of tax returns filed using the id theft victim’s Social Security Number.
ID theft victims will not have access to the fraudulent tax documentation filed using their social security number. The tax return copies are only available to law enforcement. The IRS will continue to work with id theft victims to resolve the issues involving their tax accounts.
The IRS will determine how this program should proceed depending on the results of this initial trial in Florida. If this program works it could make it easier to find and prosecute tax related id theft cases.
May 20th, 2012
Allison here, with AllClear ID. HDTV scams are nothing new. However, there’s a new twist to this scam that involves the online sale of these products from unauthorized sellers. If you’re planning on purchasing an HDTV online, then pay attention. Making such a purchase online isn’t bad, but steps need to be taken to ensure that you aren’t buying from an unauthorized dealer.
- The scam from these unauthorized sellers involves bait-and-switching and aggressive up selling. Here’s what they do: they advertise that they have the HDTV in stock and are selling it for a below-market price, and can ship it to you for free. If you take the bait and place an order, you receive a call the next day confirming the order. Once the salesperson gives you the call, the person starts to aggressively up sell a series of add-ons, including a “3-D” HDMI cable (which isn’t real) for a 3-D TV, a custom stand or wall mount, an extended warranty and/or an “expedited” extra-cost freight.
- If you buy enough add-ons, you’ll get the TV as promised, but it’s likely to be one that is refurbished, scratched, or defective. It won’t be a brand new set. You’ll also find that the add-ons aren’t brand name or high-quality product, but knock offs. If you don’t buy any add-ons, then you might wait weeks for that TV, if you receive it at all. Since these are scammers, it’s also highly unlikely you’ll be able to return the TV or to receive a full refund. What makes the HDTV scam interesting is that for the most part, people are getting the product. Typically with scams, the scammers take the money and run. However, the HDTV scammers are getting away with it by figuratively tying the customers hands behind their back.
There are two ways to check to see if the dealer you are considering is authorized to sell those specific TV brands. First, call the manufacturer of the TV model you are considering (LG, Samsung, Sharp etc.) and ask if the dealer is authorized by them. You could also check the manufacturer’s website for that information. If they aren’t listed, or the customer service department says ‘no’, then don’t purchase from them. Second, take a look at the dealer’s product return policies. Scammers will never accept a return on the TV, or they may charge a restocking fee, deduct the “free” outbound freight from the refund, or all of the above for you to return the TV.
Not all online dealers of HDTVs are bad or unauthorized: big box retailers and Amazon Direct are both just fine. It’s simply a matter of exercising some due diligence and making sure the dealer is doing the right thing with their customers.
May 17th, 2012
Kim here, from the AllClear ID Team. Last year, AllClear ID announced a new effort to warn customers when their personal information had been found online by cyber intelligence organizations. The Victim’s Assistance Program (VAP) is a partnership between AllClear ID, the Identity Theft Resource Center (ITRC) and the National Cyber-Forensics & Training Alliance (NCFTA). It was formed to alert consumers when their personal information is reported compromised or stolen. These pirate sites that the VAP alerts customers of are exactly what blast customer’s personal data across the Internet.
About two years ago Jane received a letter in the mail referencing a credit account that she had allegedly tried to open at American Eagle Outfitters. The account was not opened and Jane assumed she had received the notice in error. Now, in hind sight, she realizes it was a warning of things to come.
Jane and her husband, a retired NYPD officer, discovered her name, DOB, address, phone number, Social Security Number and credit card information were appearing on websites all over the internet. A man she didn’t know came across her information and gave her a call. Jane was shocked, “I never would have guessed my personal information was online. I am very aware of credit card skimmers and other types of scams but this was a surprise.” His name was Thomas and he gave her web addresses so she could see for herself.
While she may never know how her information turned up online, the fallout has been unrelenting. “I get calls from bill collectors starting at 5:00 a.m. and 6-7 letters in the mail each week.” Jane says it is incredibly stressful but she chose not to put a freeze on her credit file. “I have a fraud alert set but sometimes the creditors are in such a hurry to issue new credit and they don’t check.” While many attempts are denied, this past holiday season thieves were able to open accounts at Best Buy, Apple and Midnight Express, charging just over $4,000.00.
This past tax season, someone even tried to call the IRS and have her refund redirected to them. “Now”, Jane says in frustration, “I cannot e-file and I will have to use an ID PIN each time I submit my taxes.” It is just one of many adjustments she is making while her information still can be found online.
Since becoming an AllClear ID customer, Jane receives alerts when there is new activity on her credit file and her Investigator, George, is able to work with her to repair the damage and restore her credit. They are currently working to get a court order to force Google and other web search engines to remove her information. Until that time, Jane is on a campaign lobbying law enforcement and politicians to go after those who traffic-in stolen information and to get the data collectors to purge the information from the Internet. Until then, George and AllClear ID will be there to help.
May 4th, 2012
Jackie here, with AllClear ID. “Will that be debit or credit?” Many people assume that their answer to this question only affects the card they pull out of their wallet, but they are wrong. When it comes to identity theft you have very different protections depending on the type of card you use.
A debit card is one issued by your bank that is tied directly to your checking account. It is the card you use at the ATM and at retailers when you want money to come directly out of your bank account. When using a debit card you have two options: enter a PIN or run the card as credit and sign. Both are considered debit transactions and offer the same basic protections in cases of identity theft or fraud. Here’s how you’re legally protected if your debit card is misused:
Debit Purchases/Withdrawals made with your physical card:
- Unauthorized transactions reported within 2 business days have $50 consumer liability
- Unauthorized transactions reported between 3-60 days have $500 consumer liability
- Unauthorized transactions reported over 60 days no protection
Purchases/Withdrawals made with debit card number only
- $0 consumer liability for all purchases reported within 60 days
- Consumer is responsible for all charges reported after 60 days
Debit transactions come straight out of your bank account which means that you may be without your funds while the bank investigates any fraudulent charges. The bank is required to provide temporary credit in the amount of the disputed charges after 10 days while they examine your claim.
Credit cards are a line of credit extended by a company to consumers. These cards will typically issue a monthly bill for any charges rather than deducting the money directly out of your bank account. Some of the top credit card companies include Visa, Mastercard, American Express and Discover. Here’s how you’re legally protected if your credit card is misused:
Credit Purchases made with your physical card
- $50 consumer fraud liability (most companies will waive this fee)
- If you report missing cards before charge is made, there is $0 consumer liability
Purchases made with credit card number only
- $0 consumer liability
Consumers also have additional protections when using credit cards through the Fair Credit Billing Act. This law protects consumers from poorly made or damaged merchandise that was purchased with a credit card. You may also have coverage for items purchased but not received. This protection is available after efforts have been made to resolve the problem with the merchant and specific requirements will need to be met.
For more information on avoiding credit card fraud read the FTC’s Consumer Fact Sheet: Avoiding Credit and Charge Card Fraud.
The next time you head out for a shopping trip make sure you know what protections you have available should you become a victim of identity theft or notice fraudulent charges on your card statement.