November 20th, 2015
Jackie here. October 1st brought about a big deadline for the new EMV (also called “Chip and PIN”) cards, but what does this really mean for you, the consumer? Let’s explore the changes that took place and find out how they’ll change credit card processing.
The changes impact all major credit cards (Mastercard, Visa, American Express, and Discover) and all merchants that use them. The new cards are more difficult to counterfeit and are expected to slow the losses from credit card breaches and card cloning. Chip cards feature an added layer of protection when compared with cards that only have a magnetic strip. If a thief gets the number to your card, they may be unable to use it. This switch is intended to cut down on credit card fraud.
About the October 1st Deadline?
October 1st was a big deadline for merchants, financial companies, and card processors. The deadline required that all merchants and all financial institutions start using EMV technology. The deadline has come and gone, but if you’re like me, you probably haven’t seen much of a change. I can still swipe my card at many merchants and even have some cards without a chip.
While the deadline was a big one for merchants and card providers, it doesn’t really impact consumers as much as you’d think. However, businesses that haven’t made the deadline could be taking on big liabilities should fraud occur. If a counterfeit card is used, the party that is least EMV compliant will be responsible for the losses. This means that your bank will be stuck with the loss if they haven’t issued a card or the merchant will be responsible if they don’t have a payment terminal that processes the card.
What Changes Are Coming?
The October 1st deadline applied to most merchants, but outdoor terminals at gas stations are exempt until 2017. Expect to continue swiping your card at the pump in the near future. If your card hasn’t yet been upgraded, you’ll likely see a new one, complete with a chip soon. Right now, cards feature both a chip and a magnetic stripe, but future cards may rely solely on the chip function as systems are upgraded. We may also see the PIN function being used more often. Most of the new cards function as chip and signature cards, which are less secure than using a PIN.
Are you using an EMV card?
July 27th, 2015
Jackie here. Many of us love to take selfies, and one company is seeking to take advantage of that selfie love to make online transactions more secure. The Mastercard pilot program uses a binary code created from a selfie to authorize transactions instead of a typed password. The program is currently rather small, but if it works, you might be using your face to verify your payments soon.
How Does It Work?
The selfie identification program is only in the works for Mastercard users at the moment. It is part of a special service known as “Paying with Mastercard Identity Check”, and seeks to reduce fraud with an extra layer of security at the time of payment. The full details of the program won’t be unveiled until it is out of the testing phase, but right now we know that the selfie program is expected to be a part of the company’s smartphone app. Users will have the choice of a facial scan (done via selfie) or a fingerprint for identification.
What Can I Do Now?
The selfie program is currently just in the testing phase, so it isn’t yet available to regular users. In the meantime, how can you protect yourself from credit card fraud? Your best option is to be vigilant. Check your statements often and report any suspicious activity immediately. Credit card fraud might be a pain, but you’re not liable for fraudulent purchases, provided you report them.
Would you take a selfie to verify your identity?
May 15th, 2015
Jackie here. Could a changing security code be the key to fighting credit card fraud? One card manufacturer hopes that their prototype credit card with a changing verification code (that 3 digit code sometimes called a CVV) will be in your wallet soon. Let’s take a quick look at this idea for fighting credit card fraud.
At first glance, the new card from Oberthur Technologies looks just like any other credit card. It is a standard size and just .76 millimeters thick. The main difference between this card and the ones you already have is the changing code on the back. The code changes every 40 to 60 minutes to a new randomized number. This number is displayed on a small, postage stamp sized screen. The small screen is battery powered and designed to last 3 years without a charge.
If your card information is written down, it won’t work later as the code will have changed. Without the new code, the card won’t work. One potential downside to this is you could not input the card information to make automatic payments for bills and other expenses, as the CVV changes so often.
A Better Solution?
This card is touted as a better solution to credit card fraud than the CHIP-enabled cards companies are now using. These cards have a specialized chip that discourages fraud when used with a special reader, but fraudsters will likely circumvent the chips by heading online where chip verification isn’t currently possible.
Since this card can be used both online and off, it may be a more comprehensive solution to credit card fraud. Only time will tell if this card becomes available to the masses and will really cut down on fraud.
December 9th, 2014
Jackie here. The holiday season is here and that means friends, family, hot cocoa, and of course, holiday shopping. As the holiday shopping season heats up, make sure you’re protecting yourself from ID theft and fraud. You aren’t the only one busy this time of year; fraudsters love using the chaos of the holidays to make a quick buck. These holiday shopping tips will help keep your family safe from ID theft this year.
Use Your Credit Card
If you missed our recent article on credit cards vs. debit cards check it out before you head out holiday shopping. Credit cards offer more fraud protections than other payment methods, making them one of the safer choices for holiday shopping.
Save Your Receipts
During the holidays when you’re making lots of purchases it can be hard to remember what you’ve spent and where. Save all your receipts including those for online purchases.
Check Your Statements
With your saved receipts in hand, checking your statements will be much easier. Double check amounts and purchases for any inaccuracies. If you notice a problem, report it to your financial institution quickly. With debit cards, you only have 2 business days to report fraud if you want to limit your maximum losses to $50.
Beware of Shopping Apps
Shopping on your phone is certainly convenient, but if you aren’t careful you might be sharing more information than you intend. Mobile shopping apps can collect a great deal of information about you including address, phone number, driver’s license number, and even your Social Security number. Before you install a shopping app, make sure you check the permissions and if you’re uncomfortable, find another way to buy the items you need.
Limit the Information You Share
Keeping your identity safe is all about limiting the information you share. Don’t give out your credit card number in exchange for an opportunity to win a gadget or gift card. Watch your inbox for phishing emails and don’t reply. Be very cautious about the information you provide this holiday season.
Not All Charities are Charitable
If you plan on making a donation to a charity, choose wisely. Charity scams are common year round. This guide from the FTC will help you spot charity scams and choose legitimate options for your donations. It is admirable to give back during the holidays, but you want to be sure that your generosity is actually helping those in need.
For more tips for safe holiday shopping, check out this guide from the FTC.
October 22nd, 2014
Jackie here. Apple Pay, a new payment service from Apple is now rolling out across the country. It eliminates the need to carry physical credit cards by turning your smartphone into a payment method itself. Some security experts even hope that the new service will improve card safety and reduce the risk of credit card fraud.
How Does Apple Pay Work?
Apple Pay works differently than a traditional credit card. Before a card can be used, it must be added as a payment type. This can be done by authenticating a card already registered with iTunes, by entering information manually, or by taking a picture of the card. The real card number isn’t stored on the phone, but rather assigned a special number which is paired to the card. Retailers won’t see your actual card number, giving consumers an extra line of protection against credit card fraud. Actual card numbers will only be used by card issuers and banks to process the payment, even Apple won’t have access to your card number once it’s registered.
Apple Pay eliminates the need for physical cards as payment information is transmitted from the phone to the terminal. Once the payment is initiated the payee uses their fingerprint to “sign” for and allow the purchase (potentially eliminating unauthorized use of Apple Pay).
Is Apple Pay Safe?
Security experts see hopeful signs that Apple Pay may be more secure than a traditional credit card, but we won’t know for sure until the system rolls out and is tested for a while. Only time will tell whether it will offer the security that Apple hopes or whether the secure databases will be vulnerable to hacking. Since Apple Pay uses existing credit cards (Visa, MasterCard, etc.) to process payments users are entitled to the fraud protections their cards already offer. It will only be available to iPhone 6 users at roll-out and will only be accepted by a limited number of retailers.
Are you planning to try Apple Pay?
August 25th, 2014
Jackie here. When we see a charge we don’t expect on our bank statement or credit card bill our first thought often jumps to fraud. While fraud is a big cause of unexpected charges, it isn’t the only reason funny charges appear. “Negative option” sales are a tactic merchants use to get consumers to spend more. Let’s learn a bit more about negative options so you can avoid unexpected charges and know where your money is going.
What Are Negative Option Sales?
You may not be familiar with the term negative option, but odds are the businesses you frequent are. Negative option refers to a specific sales tactic where companies charge you unless they hear otherwise. The negative in the term applies to the response that is required from you to authorize the purchase. With negative option sales, hearing nothing means you want more (or so the business thinks).
Negative options aren’t always a bad thing. I personally appreciate not having to call in and renew my Netflix subscription every month. Some companies are very clear about their intentions to automatically charge you on a regular basis. Other times the communication isn’t as clear and consumers have no idea they are being charged until they discover a discrepancy on their statement, sometimes years (and thousands of dollars) later.
Four Kinds of Negative Options
Being familiar with each of the four types of negative options will help you notice these types of charges. Take control of your finances by being aware of what you’re agreeing to pay and how long your payments will continue.
- Automatic Renewal- Subscriptions are automatically renewed at the end of the specified period unless you specify otherwise
- Continuity of Service- Consumers continue to receive product (and bills) until they opt out of the program
- Free to Pay Conversion- This starts out as a free trial and transitions into a paid membership after a certain period of time. If you are asked to provide credit card information at signup, it may be a free to pay conversion program
- Pre-Notification- Book of the month clubs, movie by mail clubs, etc. are all examples of a pre-notification negative sale. You receive notice of a product, then receive a product in the mail and are charged unless you opt out
Learn more about negative options from this in-depth report from the FTC.
July 18th, 2014
Tamara here, AllClear ID Investigator. It’s a common occurrence for an individual to be notified that their personal information has been compromised in a breach or a data incident. Within each notification, the consumer is usually informed as to what type of personally identifiable information was involved in the incident. Sometimes, consumers wonder how a particular piece of information will be of any use to an identity thief. Here, I will outline why thieves might seek out different types of data, and what you can do to help protect that piece of information.
• Phone Number:
You might be thinking to yourself: what’s the big deal about my phone number being out there? Well, there are a number of things a thief can do with your phone number. One thing that can be done is to use your phone number on websites when trying to get the best rate for a mortgage, insurance, or an auto loan. Rather than the applicant receiving calls from agents responding to the quote request, you get those calls. There can be multiple calls a day, for an extended period of time. In that case, ask the caller to remove your number from their database. You may be able to contact your carrier to see what options you have about blocking certain numbers, but usually the calls come from different numbers. Another thing that can be done, which can directly affect you, is by using your phone number to access and take over your existing accounts. There are ways phone numbers can be spoofed to make it appear as if that is the number the caller is calling from. In this case, as with others in this article, it is recommended to set additional security factors on your existing accounts, as in a PIN or a password that would be required if any changes (such as a change of billing address, phone number, adding an authorized user, etc.) were requested.
• Dates and ZIP Codes:
Dates, dates, dates. All sorts of dates. Dates of employment, residence, birth, account duration, and education are sought by identity thieves. What can those dates be used for? Verification. ZIP codes, also. Many times, an identity thief may have some missing information, so a creditor will ask further questions to help verify the applicant’s identity. In some cases, the questions are based on this information. This information can be easily obtained, sometimes, just by going to the victim’s social media profile. To help protect that information, exclude it from your publically accessible online profiles.
• PIN Codes:
PIN numbers may be one of the more obvious numbers you should protect. If you’re using a machine where there is a skimming device attached along with a camera recording you keying in your PIN, then you’ve just given it away. While it may be difficult to determine if such a device if in use, it’s best to use machines located in the actual bank. If you’re ever in doubt, hide your strokes and/or change your PIN.
• Social Security Number:
Your Social Security number can be used in a number of different fraudulent ways. Whether it is to open a new line of credit, obtain government benefits, file taxes, for employment or to sell to other thieves, it is one of the most widely used numbers out there, but one of the bare bones of required number when it comes to identity theft. To help protect your Social Security number, one thing you can do is to be cautious of giving it out or putting it on forms. You could also set fraud alerts with the three credit reporting agencies.
• Financial Institution Account Numbers:
When a criminal has the full account number for any one of your accounts with a financial institution, it is pretty direct line into that account. Usually, once that is provided, only a couple of other personal identifiable factors are required to be verified (hence the mention above of the addition of further security factors to the account). If you ever discover that one of your account numbers was compromised, it is best to change that account number, or to at least notify your financial institution.
• IP Addresses:
IP addresses are sought after for a couple of different reasons. One is that your IP address can be spoofed by scammers, phishers, and other criminals to make it appear as if their activity is actually coming from you. Another is that your IP address can be targeted by scammers. A common scam is the Tech Support Scam, where you’re called up and notified by someone claiming to be a tech support rep from Microsoft (or some other company) who requests that you download a ‘fix’ for malware that is supposedly on your computer (they will also have you pay a fee). In that case, it’s best not to provide any information, and call the company via a verified number on their website or one of your statements to see if the request is legitimate.
• Driver’s License and Passport Numbers:
If your driver’s license or passport number is used for replication, criminals can then use it to commit fraud or other illegal activities. If they provide either number to police if they are caught, you might be linked to these crimes you did not commit. When informed either number was compromised, it is good to notify either the issuing state’s department of motor vehicles or to report it to the Bureau of Consular Affairs.
• Health Insurance Account Numbers:
These types of account number can be used fraudulently to receive medical care. The first step to take to help protect this number is to review any insurance statements and your accounts carefully. If you are charged for services you do not remember receiving, contact your insurance provider and whoever provided the services. In addition, inquire if there are additional security measures you can use to protect your account and have another account number issued.
All of this being said, data incidents and identity theft happen every day. The best way to protect yourself is to be vigilant in reviewing your credit reports, your existing accounts, explanations of benefits, online profiles, and keep an eye out for suspicious activity. If something seems a bit off kilter, dig a little deeper to determine whether or not it was fraud, and take action from there. The best thing you can do is take the precautionary measures to help prevent these numbers from being compromised in the first place.
June 11th, 2014
Jackie here. If I were to take a quick peek at your social profiles, what would I learn? Would I know that you were out of town on vacation next week? Could I learn your birthdate, or the birthdates of your children? When we hop on Facebook (or other social media sites) we feel safe and secure. After all, we’re just sharing with friends. But, in reality, too much information shared has the potential to lead to ID theft. Here are some vital tips for keeping yourself safe.
Do you read privacy policies? It is so easy to quickly glance over the legal information required to start an account without ever really discovering what permissions we are giving away. With companies that possess our most sensitive data, we need to know what rights we are granting and how our information might be used. Read the Terms and Conditions, Privacy Policies, and other important documents.
Double Check Privacy Settings
When you post to Facebook, who can see it? It’s always a good time to perform a privacy checkup on your social media accounts. Know what you’re sharing and who can see. Change settings and delete old posts if you’ve shared more than you’d like.
How Could an Identity Thief Use This?
It’s tempting to share every funny detail of your life with friends and family online, but we must remember that these details are very valuable to identity thieves. They can pair information mined from social media (think birth dates, answers to security questions, etc.) with information they’ve gathered about you to unlock your accounts and commit fraud. Before you post, think about how this information could be used by the wrong parties.
Clean Out Your Friend List
Before you accept a social media connection from a person, ask yourself if you really know them. We need to be careful about who we connect with online. Thieves and scammers may create fake accounts to gain access to your information. Knowing your connections personally will help to minimize your risk of falling victim to ID theft or fraud.
Don’t make it easy on identity thieves and scammers. Take control of your social media profiles and stay in control. For more tips, check out this article from AZ Central.
May 16th, 2014
Aaron here, AllClear ID Investigator. We’ve talked before about caller ID spoofing and what it is here on our blog. A subset of this, International Revenue Share Fraud, is currently a big concern for the United States. Recently telephone companies across the country are picking up on a suspicious pattern of missed calls. These missed calls are the catalyst to a web of fraud. The swindlers behind the scam are using call generators with automated spoofing capabilities to place a large number of calls to US cell phones. These calls ring once and then hang up so that it shows as a missed call. The number displayed is a high cost international number, usually located in the Caribbean. When the victim returns the call, they will usually hear a message stating something like “Hello, please wait on the line for the next available operator.” The goal with this is to keep the victim on the line as long as possible as the longer the victim waits on the line, the more revenue the fraudsters are generating.
How the Scam Works
When the recipient (victim) makes the return call the telephone company is required to pay a fee to transfer the call to that foreign country. This payment is then shared with the scammers who spoofed the calls. This is what is referred to as International Revenue Share Fraud. Cell phone users don’t realize that they are calling out to an international number and that they will be billed for these calls. Businesses are also falling victim to this because individuals are returning these missed calls from their work phones.
How to Protect Yourself
So, what should you do? It’s pretty simple – just do not answer calls from numbers you do not recognize or call those numbers back. We know this is difficult to do, but generally those people who truly want to get in touch with you will leave a message. The charge does not apply if you receive the call, only if you answer or return it. Likewise, companies that do not conduct business with the countries listed will want to consider blocking these area codes to avoid this type of charge:
• British Virgin Islands
• The Commonwealth of Dominica
• Turks and Caicos Islands
The area codes used in these spoofed numbers belong to these countries. They are part of the North American Numbering Plan and do not require 011 to be dialed as with other international calls. If you get a call from a number you do not recognize, you can always look that number up online to see if anyone else has reported calls from there. You can also always give us a call here at AllClear ID; we have investigators standing by who would be happy to help you look into any strange calls you may be receiving.
May 12th, 2014
Jackie here. Sometimes it feels like ID theft and fraud are spiraling out of control and that there’s nothing we can do about it. While it may feel hopeless at times, there is much we can do to protect ourselves and our families. Monitoring your credit, checking bank statements, and staying on the lookout for scams are just a few of the many things you can do. A new app that allows you to lock down your credit card may be another option to consider as well.
The new app known as CardControl allows users to turn their credit cards on and off directly from their smartphones. The app has other features too including the ability to set spending limits, disable charges from certain types of stores, and even tie your credit cards to your phone GPS so they won’t work if they aren’t together.
The new app isn’t one you can go out and get yourself. It is being offered to banks and credit card companies. If you want to use it, you’ll have to find a bank or credit card that offers the feature. Hopefully in the future, tools like this one become more available, allowing each of us to have more control over our finances and reducing the risk of ID theft.
In one test market CardControl found that it saved money and increased spending for the bank offering the service and helped customers to feel more secure.
What do you think about this new fraud fighting feature? Would you use it if it were available for your favorite credit card?
December 21st, 2013
Tamara here, AllClear ID Investigator. The holidays are here, and even the Better Business Bureau is getting into the spirit by re-creating their annual warning list about common scams during this season, The BBB’s “12 Scam of Christmas.”
BBB’s 12 SCAMS OF CHRISTMAS
On the twelfth day of Christmas,
The scammers gave to me:
Twelve malware e-cards,
Eleven stranded grandkids,
Ten counterfeit gifts,
Eight stolen gift cards,
Seven fake coupons
Six Santa scammers,
Five fake charities,
Four bogus websites,
Three travel scams,
Two phony loves,
And a totally fictitious puppy.
To help you avoid these scams, here are some tips to heed.
• Malware e-cards: That email you got claiming you were sent an e-card, but from someone you don’t know? That’s most likely malware or a virus, which would download itself upon clicking on the attachment or link contained within.
• Stranded grandkids: There are instances where a scammer will hack into an email or other type of social media account and contact the hacked family members and friends claiming to be stranded while traveling and need money. Check with other sources before sending money!
• Counterfeit gifts: So, you found an excellent price on that brand name item for your loved one. Before spending your money, there are a number of ways to ensure the item is legitimate. One of which is making sure to shop at reputable stores and websites.
• Pickpockets: Ensure your pocketbook, wallet, or purse is with you at all times! Even if for a second, do not turn away from your wallet.
• Stolen gift cards: There are a number of ways scammers can get you with a stolen gift card. One way to ensure you’re purchasing a legitimate card is to obtain them from reputable dealers.
• Fake coupons: Every penny counts, but it doesn’t count as much as having your personal information compromised by giving it to a scam artist. Be sure you’re obtaining the deals from the retailer themselves.
• Santa scammers: Before you enter your personal information into a website claiming it will send a letter to your child from Santa, ensure the site it legitimate. It’s probably best to skip any site that asks for an abundance of personal information.
• Fake charities: This time of year charities are included in many people’s gift list. But, be careful. Scammers are aware of that, and will attempt to clone a charity or create a fake charity to finagle the funds from the well intended source.
• Bogus websites: Ensure the site you’re using is legitimate. One way to determine it’s more secure is to look for the “https” in the address bar.
• Travel scams: This time of the year is one of the busiest in terms of travel. When searching for deals, as always, be sure to use a reputable site and ask for references. A quick check of the airline, hotel, or car rental company on the BBB website is always a good step.
So, there it is folks. These tips will help prevent you from being victimized by fraudsters or scammers. Have a good holiday season!
November 23rd, 2013
Ben here, AllClear ID Investigator. The Federal Trade Commission (FTC) has moved to shut down an international network of scammers that sent millions of unwanted text messages, luring consumers in with an offer of “free” gift cards and electronics to entice them into an elaborate scheme designed to take their money and target them with illegal robocalls. These messages promised consumers free gifts or prizes such as gift cards worth $1,000 to major retailers such as Best Buy, Wal-Mart and Target. In most cases it would be impossible for someone to receive this “free” card without spending money, having their credit score hit, and releasing personal information to be sold to marketers.
The complaint names nine defendants who allegedly were involved in operations violating the FTC Act and Telemarketing Sales Rule. According to the complaint, a consumer would follow a link in the unwanted text message and be directed to a site that collected a large amount of personal information. This information ranged from name, address, and telephone number to health information, and would then be sold for targeted marketing purposes. If a consumer was to put in their information for the $1000 gift card they would have to participate in several offers to qualify. These offers would include recurring subscriptions, paying upfront and shipping costs, and even submitting applications for credit that would be reflected on their credit score.
This complaint builds on a nationwide sweep conducted by the FTC in March to crack down on scammers. The FTC files a complaint when it has reason to believe that the law has been violated and that a trial is in the public interest. The FTC works for consumers to prevent fraudulent and unfair business practices, which they feel applies to these robocalling and texting operations.
October 23rd, 2013
A company called Barclays Wealth and Investment Management in the UK has started using voice biometric technology to authenticate the identity of customers during a conversation with a representative. Many call centers have experience trouble in identifying callers, and usually resort to a series of questions, often known as a test of knowledge. Mother’s maiden names, passwords, addresses, and SSNs are items that are often used during the verification process, but all of these things can be compromised by ID thieves. Voiceprints eliminates this risk by authenticating callers from their voices, not what they know.
Barclay’s Voiceprints Program
The results of the Barclay’s Wealth voiceprint investment have some interesting statistics.
• 84% of frequent callers enrolled within 5 months.
• 95% of enrolled callers successfully verified through speech.
• 93% of customers give Barclays a 9 out of 10 for satisfaction with the voice authentication.
• 5% reduction in call times
This passive approach to account verification is harder to crack. However, there could be some downfalls or drawbacks. Would a system like this be able to handle various dialects? A lot of call centers also use automated systems for account verification instead of live people. A program using Voiceprints would have to use live agents to initiate conversation to prevent a prerecorded message passing through.
While Voiceprints do appear to be a step in the right direction, only a more wide scale implementataion will be necessary before we know what effect, if any, Voiceprints will have on ID fraud.
September 30th, 2013
Christy here, AllClear ID Investigator. An unfortunate truth these days is that almost everyone is aware of the real threat of identity theft in its many forms, especially takeover of existing accounts. But how many of us are clear on why the credit card company isn’t responsible, and why the consumer cannot take legal action against the creditor for identity theft damages? There are a few logical theories, however, the main reason is in the fine print of the agreement signed when you opened the account. Many credit card contracts contain a mandatory arbitration provision which states that your consent to opening the credit card waives your right to a jury trial should disputes arise. Basically, any issues/disputes have to be settled through arbitration, for which the creditor selects and hires the arbitrator. A loss on the consumer side may result in the consumer paying those arbitrator fees.
All of this being said, there are beneficial clauses in the agreement a consumer signs when opening a credit card. The biggest one is that, under the Consumer Credit Protection Act, a consumer is not liable for more than $50 of unauthorized charges. Also, the consumer is not liable for any additional charges that occur after they have reported a card stolen or compromised. As for the fee, many times the issuer will waive the $50, though this is a decision completely owned by them. If the credit card number, but not the card itself, is stolen you are not typically held liable for any unauthorized use.
As you can see, the agreement signed upon issuing a credit card is something that is there to protect both the issuer and the consumer. As for detecting any unauthorized activity, the best thing anyone can do is be vigilant about monitoring your statements, shredding sensitive documents, and being wary of suspicious links or card readers. Some credit issuers have additional services they offer for monitoring your account, however the availability (and cost, or lack of) will vary from creditor to creditor.
September 12th, 2013
Jackie here. We recently discussed using gift cards and prepaid cards as anonymous form of payment, making this scam alert from the IC3 especially relevant. If you use gift cards, be sure to keep your eyes open so you don’t become a victim.
Gift cards are a popular source of fraud, probably due to their anonymous nature. Thieves can make purchases and access funds, all without ever having to reveal their identity. They utilize many different methods to execute this fraud. Let’s take a look at a couple:
Tactic #1- Steal and Return
Gift cards have no value until activated, so they aren’t usually under lock and key at the store. This makes them very easy to steal. Thieves steal the worthless gift cards, record card numbers and PINs, and then return the cards to the shelves at the store. These cards then wait for an unsuspecting buyer to purchase them and activate the funds. As soon as the card is activated, the thief uses the balance to make their own purchases online.
Tactic #2- Duplicate UPCs
In this gift card tampering method a thief will create multiple identical UPC barcodes for a gift card. These UPCs will be applied to cards at the store over the card’s existing code. When someone purchases a card, the UPC sticker is scanned and the balance added is put directly onto the card with the matching UPC, which is owned by the fraudster. They keep track of the balance, and as soon as it increases they spend it, often before the fraud is noticed by the consumer.
Tactic #3- Stolen Merchandise for Cards
Thieves don’t just tamper with gift cards on display; they also use them as part of other fraudulent schemes. For example, a fraudster might steal merchandise from a store and return it in exchange for store credit. They then use these gift cards as a trade to purchase drugs, other gift cards, or sell them for cash.
Tactic #4- Buying a Card for Sale
People that don’t want a gift card they’ve received often attempt to sell it. This gift card scam preys upon those with gift cards for sale. The thief will contact the seller and act interested in the card. They will request that a three way call be made to the retailer to ‘verify’ the balance amount. The seller calls the merchant with the fraudster on the line and enters in gift card information. The fraudster will then use special software to obtain the card number and PIN, which they then sell online.
Be careful with your gift cards so you don’t fall victim to one of these scams. Check out the full fraud alert from the IC3 here (second alert on the page).
September 9th, 2013
Tamara here, AllClear ID Investigator. Identity theft is a growing problem, and many financial institutions already have measures in place to detect, prevent, and address the issue. Yet, there are still a few that don’t, or the existing measures are out of date and ineffective. However, new regulations are aimed at helping solve this issue.
The Fair Credit Reporting Act requires The Securities and Exchange Commission and Commodity Futures Trading Commission to create guidelines for financial institutions regulated by the SEC to help fight identity theft. In April, the SEC and Commodity Futures Trading Commission published those regulations. The regulations went into effect May 20th, and the institutions must comply with the new regulations by November 20th.
How will these new regulations help fight id theft? Let’s say someone has some of your personal information. They go online, apply for a credit card, but use an address other than yours. When the creditor pulls your creditor report, do they notice the address is different? And, if they do, do they take further steps to verify your identity? Most likely, some of them do, while others do not.
Developing these regulations will help educate people working with financial institutions about id theft, and should help prevent id theft as well. A financial institution or creditor that maintains or offers one or more accounts that are used for personal, family, or household purposes is subject to the regulations. They require institutions to create “red flag programs” to help safeguard against id theft. It will take time to see if the programs actually do catch incidents of id theft, but they appear to be a step in the right direction.
September 6th, 2013
Jenna here. ID theft can be a complicated topic to understand, even for those who have many resources and lots of information at their disposal. Every day, our Investigations Team receives questions from our customers relating to ID theft and how to resolve it successfully. Throughout this process, we have come to realize that there are many misconceptions about ID theft and potential warning signs, so we decided to shed some light on many of the common misconceptions that our Investigators encounter.
Myth #1: Simply receiving spam texts or emails puts me at risk-many customers call in with concerns about the amount of spam or phishing texts/emails they receive. A common worry is that the simple fact that you receive these emails or texts puts you at risk for ID theft. However, this is not the case. If you receive one of these emails or texts, but do not open them, reply, provide any personal info, or click on any links in the messages, you are most likely safe. Most of the time, scammers send out mass emails or texts in an attempt to garner information from unsuspecting people; receiving a text or email does not mean your identity has been compromised in any way.
Myth #2: Credit reporting agencies only ask about things that are actually on your credit report-Before you are able to access your credit report, one of the three agencies (Equifax, Experian, TransUnion) asks security questions to verify that you are the rightful owner of that report. A security question may ask about recent activity on your report, such as a mortgage application, or a former address. However, these questions may be designed to “trick” unauthorized people—there may be no previous address or mortgage application at all. There is a “none of the above” or similar option available as an answer, and if you are certain there is no such activity or address, don’t hesitate to choose this option.
Myth #3: Receiving mail addressed to someone else means my identity has been compromised- a reoccurring concern among many of our customers relates to receiving mail or calls addressed to someone else. This often causes people to wonder if they are victims of ID theft, and if someone is using their address under a different name. More often than not, however, this practice is the result of skiptracing, a technique used by companies to find a current address or number for a person using public records. If you are truly concerned about the calls or mail you are receiving, it is a good idea to pull a free copy of your credit report to check for any signs of ID theft or fraud.
August 16th, 2013
Jackie here. On a recent trip to the grocery store I pulled out my credit card to pay for groceries, only to have it declined. It was quite embarrassing. Luckily, I had another card on hand and was able to make my purchase. I left the store and immediately called the bank to see what was happening. They told me a fraud alert had been placed on my card. After I answered a few questions, the hold was removed and my card was back in working order. But, a question remained: what triggers a fraud alert on your credit card?
Potential Triggers for a Credit Card Freeze
Credit card companies want to minimize fraud and reduce the amount lost if a credit card is stolen. They have developed complex processes to identify potentially compromised cards. While many factors can lead to a freeze on your card, there are a few red flags that card companies may be watching out for. Check out a couple of interesting articles on the topic here and here.
Gas Station Purchases
I buy gas with my credit card all of the time, but surprisingly this can be a trigger for a fraud alert on your card. Thieves often test cards to see if they are working by making a small purchase or by filling up at a gas station. Gas stations are a great place to make a test purchase since you can usually pay at the pump without ever having to show id or even talk with an employee. If buying gas always resulted in a fraud alert, no one would use their cards to fill up; alerts are more likely when getting gas in a different part of town or in a different city than usual.
Shopping in a Fraud Prone Area
Making purchases in a known fraud area can be another red flag for your credit card company, especially if the purchases are for large dollar amounts or on merchandise that is easily resold (think electronics, gold, jewelry, etc.).
Using the Card to Get Cash
Getting cash with a credit card (or buying gift cards and other similar items) can be a potential sign of fraud to your bank. ID thieves are often after financial gain, and taking out cash directly eliminates the need for them to use the stolen card to buy items, and then resell those items for cash.
If your card is being used to make purchases across the country or around the globe, it might be flagged for fraud. This often leads to vacationers or frequent business travelers getting the unfortunate surprise of a card that won’t work. To eliminate this flag for legitimate transactions, call your bank and let them know the dates and location of your vacation before you leave.
Changes in Purchasing Patterns
Most people are pretty consistent in their spending habits. They shop in the same areas, buy the same type of things, etc. Changes to this pattern can trigger a fraud alert. Since your credit card company has an extensive history of your purchasing habits, they know the type of things that you are likely (or not likely) to buy.
Fraud holds on legitimate transactions might be irritating, especially when there is a fairly long list of triggers banks use to detect fraud. However, these fraud holds are often the first warning sign of id theft and credit card fraud that many consumers receive.
August 15th, 2013
Aaron here, AllClear ID Investigator. After major disasters, it is very common for scammers to act as charitable organizations, hoping to gain money or personal information from unsuspecting donors or victims to commit id theft. Scammers running fake charities will use the email or telephone to get in touch with people to ask for money. These criminals will even go so far as to contact disaster victims and say they are affiliated with the Internal Revenue Service and will aid the victims to file fatality loss claims and get a refund on their taxes.
In addition, some scammers set up fake websites or disaster funds. This took place a short time ago during the Hurricane Sandy disaster. As a result, Attorney General Buddy Caldwell urgedLouisiana residents to prepare for the 2013 hurricane season (which began June 1), and to watch out for related scams. Caldwell stated, “As hurricane season quickly approaches, I encourage all Louisiana citizens to prepare now for the possibility of a storm…unfortunately, hurricane season is also a time in which unscrupulous con-artists try to capitalize on your misfortune.”
The Internal Revenue Service warns that this type of scam could be very common in 2013. Anyone who has been a victim of a natural disaster or wants to donate to charity to watch for scammers by following these tips:
- If you would like to donate to disaster victims, only donate to well known charities.
- Be cautious of charities that appear similar to well-known charities-scammers often impersonate well-known organizations. You can find reputable organizations by visiting IRS.gov and using the search feature, Exempt Organizations Select Check, this tool allows individuals to find recognized charities to which donations can be tax-deductable.
- Never provide personal information, such as your banking passwords, credit card info, or Social Security number over email. Reputable charities will have a secure system that you can use to donate.
- Never give or send cash. Always use either a check or a credit card
Call the IRS toll-free disaster assistance telephone number (1-866-562-5227) if you are a disaster victim with specific questions about tax relief or disaster related tax issues.
August 12th, 2013
Jackie here. We’ve been talking a lot about “Big Data” lately and I have to admit it makes me feel a little paranoid. When I swipe my credit card at the grocery store or make a purchase online I can’t help but wonder what information merchants are collecting and sharing about me. While there is probably no way to fully escape the big data trend, there are some ways to incorporate more anonymous spending into your daily routine, if you are looking to get away from the trend of companies tracking your purchase history. Let’s take a look at some of the benefits of purchasing anonymously.
What Are the Benefits of Purchasing Anonymously?
This article by Forbes provides some interesting insight into the benefits of making anonymous purchases. Check it out if you have the time. Some of the benefits of anonymous purchasing include:
- Avoid Marketing for Purchases- Card companies monitor and record each and every purchase you make. This information is often sold to marketers who may send you targeted advertisements based on your purchasing patterns. By using an anonymous card, you may be able to avoid much of this targeted advertising.
- Keep Information Out of “Big Data’s” Hands- We’ve talked quite a bit about the dangers of sharing too much information. By using an anonymous credit card you limit the information you share with data companies. This may be a helpful way to cut down on the amount of information about you that is available to data brokerage firms and advertisers.
- Avoid Fraud- Many people use anonymous cards to protect their bank accounts from unauthorized purchases and credit card fraud. With a prepaid card, the amount you could potentially lose is limited to the amount on the card, whereas with a bank account you could lose everything. This gets a bit tricky though when you factor in the fraud protections available to you. Regular credit cards and debit cards have limited consumer liability if the card is used fraudulentl. With prepaid cards, the protections are much weaker.
- Don’t Ruin the Surprise- When you share accounts with a spouse or significant other it can be hard to buy gifts. Your partner often knows exactly what you’ve purchased from online records. Anonymous cards can help you buy a surprise that will actually stay a surprise.
Do you use anonymous cards? What are your reasons?
August 7th, 2013
Allison here. When we talk about social media on this blog, it’s usually about the newest scam, or the latest data breach, or tips to stay safe when you’re sharing information online. As many id theft pitfalls as social media may have, it also has traps for the scammers and hackers themselves. Companies are now using social media to stop online payment fraud.
Using Social Media to Fight Fraud
Companies lose $3.5 billion each year to online payment fraud, and various organizations are using different networks to verify identities. Payment system provider Intuit is using LinkedIn to verify the identities of its users, checking to see if they are who they really say they are. Equifax is working with government agencies to use public information to verify that those who are receiving benefits are actually eligible. Essentially, companies are using the very fact that people post a lot of personal information online as a way to catch those who are attempting to defraud companies and organizations.
For now, companies are only using publicly available data, which does include blog posts, Yelp reviews, and online forum comments. They are not adding people as friends or creating profiles to get closer to you or others. Publicly available data includes photo tags, locale check-ins, and your network of friends. It appears social media sites may be the next frontier in the fight against id theft and fraud.
July 30th, 2013
Juan here, AllClear ID Investigator. Gangs and organized crime syndicates are more emboldened than ever to commit ID theft. Like any business, a gang is organized to make money, and id theft is just another way for them to do that. Gangs make money by committing ID theft in a variety of ways, ranging from fraudulent tax filings, stealing Social Security checks and other benefits from the elderly, and of course, by opening lines of credit in your name.
To commit fraud and ID theft, gangs must first get ahold of people’s personal information. Recently, the trend has been to have girlfriends or female gang members get jobs as data entry clerks, administrators, or receptionists. They show up for a couple days of work, copy the information of random people or download it to a flashdrive, then they never show up again. Sometimes, the company may take months to figure out what happened, or they may never know at all.
What About the Victims?
When a victim of ID theft successfully restores their identity, they are cleared of any responsibility to fraudulent charges and debts. Let’s say, for example, that a credit card was opened in your name, $5300 charged, but you were able to prove that you were the victim of fraud and are cleared of all responsibility for repayment. Next, the creditor asuumes reponsibility for the debt, and owes the $5300 charged on the card. At that point, the creditor more than likely has information as to who the suspect is and where they live. It is up to them, however, to decide to contact law enforcement or to pursue the id thief criminally. In many instances, the time and money a creditor must spend to bring charges against the gang or id thief is not worth the amount of money stolen, and creditors simply decide not to press charges or file a criminal complaint.
Even when the crime is a fraudulent tax filing used to commit tax id theft, the chance of being pursued criminally by the IRS for a filing of $500 to $2500 is almost non-existent. “The only thing you can try to do is complete the refund in January, before anyone else can file in your name,” according to Detective Craig Catlin with the North Miami Beach Police Department. Ultimately, many creditors, and even the IRS, often do not have incentives to take any criminal action against id thieves. Gangs are beginning to recognize this, and are using it to their advantage, committing more id theft than ever before.
June 19th, 2013
Allison here. Credit card fraud is the most common form of identity theft, possibly because it is difficult to catch in the act. Fortunately, that might change with iPad point-of-sale system provider Revel Systems, which has created the first ever photo confirmation identity theft protection.
About the System
The new system uses visual verification to check whether the person using the credit card is the person that owns it, and it’s built right into the POS system.“It saves the merchant and end-user. It’s a win-win for both sides,” said Chris Ciabatta, CTO and co-founder of Revel Systems, the company behind this identity theft protection system. Prior to this feature, if a retailer was notified about the use of the stolen credit card, the retailer would often lose the money from the sale, while the id thief would be able to continue using the stolen card. Now, the merchant can protect against the loss while catching the thief in the store, in the act of using a credit card that doesn’t belong to him or her.
“We saw that fraud was happening everywhere, but retailers don’t ask for a driver’s license when you use your credit card,” Ciabatta said. He also said that he had his own credit card stolen, so he wanted to create something that would stop a thief and prevent fraudulent charges for consumers and retailers.
How to use the System
Consumers can be part of this system by registering their photo and credit card at revelution.com. Simply create a profile, or integrate it with Facebook, and you’re in! Now, if a merchant finds someone other than you using your credit card, they can call the police. Also, the merchant can verify that you are the one who should be using your credit card without needing to ask for an ID. Signing up is completely free, and if you aren’t signed up yet, the receipt will encourage you to sign up. Currently, several thousand consumers have uploaded their photos and credit card numbers.
As this is a new system, some concerns do exist. For instance, the system matches your personal information with your credit card number in a database, creating the potential for hackers to gain access. Furthermore, if you loan your credit card to a friend, family member, or babysitter to use on your behalf, it is unclear how the use of this system will affect transactions such as these.
The id theft protection feature has been out for three months, with several thousand merchants across the country using the system. To see a video about the system, click here.
June 3rd, 2013
Jackie here. What does a fraud victim look like? Are they your friends? Your neighbors? Or maybe even yourself? An FTC survey found that almost 11% of US adults purchased fraudulent products in 2011. This means that 25.6 million people were victims of some sort of fraud. The FTC has created a profile that can help you to understand the factors that may increase your likelihood of becoming a fraud victim and give you some ideas to better protect yourself.
Commonly Reported Fraudulent Products
While any product or service could be used to commit fraud, some of the common culprits included weight loss products, prize promotions, unauthorized billing for clubs or internet, and work from home programs. If you are purchasing or looking to purchase an item in these categories, keep your eyes open and be aware of the increased potential for fraud.
Where You Find the Product Matters
How do you learn about new products and services? The FTC found that people who made a purchase after learning about a product from a telemarketer, TV ad, or spam email were three times more likely to become victims of fraud.
Life Events Impact Risk
Negative life events like divorce or the death of someone close to you can also impact your risk. Those that had undergone a serious, negative life event in the two years prior experienced more fraud than those that had not undergone these events.
The FTC also found that people aged 45-54 were the most likely to spend money on a fraudulent product or service.
Potential victims of fraud could be anyone you know. To learn more about ways to protect yourself from fraud check out these great fraud prevention articles on our blog.
February 4th, 2013
Jackie here. It’s official; the 2012 tax season is here! This year the season opens and returns can be submitted starting Jan 30th for most people (some with special circumstances will still need to wait). The most common, and some of the best advice for this time of year, is to file early, ensuring you are the first (and only) person to file under your name.
Last tax season it is estimated that more than $5.2 billion dollars in fraudulent refunds were processed and paid out by the IRS. While tax id theft can usually be resolved and your missing refund issued, it can take time and result in huge delays while your claim is investigated. Filing early will help lower your risk and save you the hassle of a lengthy investigation and delays in getting your refund.
As you file your taxes keep an eye open for potential signs of id theft like multiple returns filed using your social security number, a balance due or collection actions from the IRS or IRS records that indicate an employer that you haven’t worked for.
If something suspicious does come up or if you believe you’ve been a victim of tax related id theft you should contact the IRS Identity Protection Specialized Unit by calling 1-800-908-4490. You can also access more information about id theft on the IRS website here and here.
Now is a great time to start filing your returns and protecting your tax refund from identity thieves. In the meantime you should also check out past posts about tax id theft on the AllClear ID blog.
December 3rd, 2012
Jackie here. Have you heard of a Personal Health Record (PHR)? Basically, it’s a compilation of your medical records, including medical conditions and prescriptions, which you can manage and share with your medical providers. Unlike a traditional medical record, which the doctor is responsible for, the consumer is responsible for the PHR, which can give you more control over your medical history and give you more power in managing your health conditions. While PHRs have many benefits, there are a few important considerations you should understand to protect your medical history and your identity.
PHRs and Your Privacy
PHRs are generally created by a doctor, medical provider or private company, and are then stored in electronic format for easy access. While you have access to all of your information and can decide who to distribute it to as you like, protecting your medical information is a necessary consideration when choosing a PHR. As most are stored in electronic format, PHRs can be vulnerable to hacking and medical identity theft.
When choosing a PHR, carefully read their privacy documentation. PHRs run by health care providers and health plans typically have more stringent privacy regulations than private PHRs since they are governed by HIPAA (Health Insurance Portability and Accountability Act). If a PHR is not covered by HIPAA, your only protections are those listed in the privacy documentation, even if the provider advertises that they are HIPAA compliant. Some PHRs may seek to profit from your health information, so always find out what they plan to do with your records.
The Privacy Rights Clearinghouse has created a list of questions that you should keep in mind as you analyze potential PHRs. Check them out here (the questions start about halfway down the page). If you can’t find a PHR that you are comfortable with, but you still want to have access to your medical information, collect paper copies of your medical records and store them in a secure location yourself.
You can learn more about PHRs by reading this fact sheet from the Privacy Rights Clearinghouse. It was created with California residents in mind, but the information inside generally applies to everyone.
November 27th, 2012
Jackie here.When I was in school I always loved the days that the teacher decided to skip our lessons and show a video instead. So as a special treat for you, I’ve rounded up some of the best id theft videos on YouTube. Sit back, take a break, and enjoy learning more about identity theft.
1. Protect Yourself From Malware by the FTC
We talk a lot about malicious software and how to avoid it here on the blog, but if you’re a visual learner, this video might help reinforce important concepts. This video is very informative and since it’s easy to follow and understand, it might be the perfect way to introduce malware to your children or family members.
2. What to Do After a Data Breach by the Privacy Rights Clearinghouse
After learning I am affected by a breach, its stressful knowing my information has been stolen and I don’t always know the best way to protect myself and my identity. This short video provides step by step tips for protecting yourself after a breach. You’ll learn about credit monitoring, security freezes and the options available. This video is a must watch for anyone that has ever had their information compromised.
3. Keeping Your Kids Safe Online- by Stay Safe Online
Today’s kids are growing up in an entirely different world than we did. They have never known a time without the internet and many spend hours each day online. It is important to start teaching children about online safety and protecting their identities from a young age. This 10 minute video features interviews with parents, teachers and kids about internet safety. If you’ve ever wondered what you need to teach your kids about online safety, this video is for you.
4. Id Theft and Taxes from the IRS
Tax time will be here before we know it. Last year, id theft was a big problem during tax season and we expect that similar problems will arise this year. If you suspect that you’re a victim of id theft or even if you’ve just noticed problems in your credit report, you can work with the IRS to protect your tax refund from thieves. This video explains what you need to do if you are an id theft victim or are at risk for becoming a victim. Act quickly; the sooner you start getting help, the sooner you can resolve your issues.
5. Child Id Theft by AllClear ID
How does child id theft happen? What can you do to protect your child? This video is one we created here at AllClear ID to answer common questions about child id theft. If you have a child, watch this video and find out how to lower their id theft risk.
November 26th, 2012
Jackie here. As you know, credit reports are often one of the first places that signs of identity theft appear. Your credit report can lend a lot of clues about the safety of your identity, from accounts that you didn’t open to balances that appear to be too high. If you check your credit report and everything looks good, you don’t have to worry and you don’t have to do anything. But, what happens if you find an error or a problem? What do you do next?
Under the Fair Credit Reporting Act, you are entitled to dispute errors in your credit reports. This means that should identity theft occur, you have the ability to fix it. Here are some tips for fixing problems in your credit report. Don’t forget: the process might be difficult, but it is vital to dispute any false accounts or claims.
- Dispute with the Credit Bureaus- Many people make the mistake of disputing their errors with the creditor directly, not the credit bureau. Rather than simply contacting the creditor, also get in touch with the credit bureau as they are legally required to investigate your claim. If you have both the creditor and the credit bureau working on the error, you are more likely to get it fixed.
- Compare All Three Credit Reports- Different companies report to different credit bureaus, so your file with TransUnion might not look the same as your file with Experian or Equifax. You are entitled to one free report each year from each of the credit bureaus. You are also entitled to additional reports if you are denied credit based on information in your report, if you’re unemployed and plan on starting a job search, or if your report is inaccurate due to fraud or id theft. Compare all three reports, looking for errors and inaccuracies in each. A problem might be hiding on one report and won’t be visible if you don’t look at all of them.
- Get It In Writing- Rather than calling to report a dispute, send in a written letter. Include copies of any supporting documentation you may have. It is a good idea to create a file where you keep dated copies of all correspondence you send and receive regarding this matter. Once the credit reporting company receives your dispute, they will investigate and you will hear back from them, typically within 30 days. You should also send a written dispute to the creditor. It may be a good idea to pay extra when sending these requests off and get a return receipt so you have proof that the letter was sent and received. Online requests should also be avoided. When disputing errors, stick to the postal mail system.
For more information about disputing errors, check out this fact sheet from the FTC. We’ve also found a great article for you that talks about the 5 biggest mistakes people make when disputing errors.
August 31st, 2012
Jackie here, with AllClear ID. Cyber-scams are always changing and evolving. This makes it very important to stay vigilant and keep your eyes open for potential problems, even if the scam isn’t one listed here. The IC3 (Internet Crime Complaint Center) recently published a list of currently popular scams. Let’s take a look!
Fake Political Surveys
A fake political survey is on the loose and might soon be calling up your phone. The survey asks respondents to answer a few simple questions and then informs them that they have won a prize (a free cruise to the Bahamas). “Winners” receive a web address and are asked to provide their email address and credit card numbers for port fees. This is a scam. Do not provide your credit card number or other personal information.
The IC3 has been receiving complaints about an online phonebook website. This site allows users to post personal information about others including names, unlisted cell phone numbers, email addresses and other information. The website also allows users to make private phone calls to anyone listed on the site and to track others using GPS. Be careful who you share personal information with. You have no control of what others do with your info once they receive it.
Free Credit Services (That Later Charge)
Citadel malware’s new ransomware has been claiming victims across the web. Victims contract the ransomware at a drive-by download site where the program is installed on a user’s computer. Once it is installed the computer freezes and a screen is displayed which indicates that the user has violated federal law. Often, allegations of child pornography are included. The ransomware instructs victims to pay $100 to have their computer unlocked. Even after paying the malware is still operating on victim’s computers stealing banking and other information that can be used to commit id theft.
If you have been a victim of this scheme, report the problem to the IC3 and do not make a payment. We have more information about this scam on our blog. Check out the article here.
Scams are everywhere, but the IC3 has noticed these scams are especially popular right now. Keep your eyes open and don’t become a victim! Learn more about these trending scams from the IC3 here.
August 30th, 2012
Allison here. Do you use Dropbox to store files and information on the cloud? If you do, you’ll be happy to learn that the cloud storage provider has implemented a two-step verification process to make its user accounts more secure. This security boost comes weeks after Dropbox suffered a security breach.
The two-step verification works by requiring an additional step before logging into your account: providing a six-digit code that is sent to your phone via text or accessed through a mobile app. At first, this two-step verification is currently opt-in, so those who want the extra security will need to download the latest version of Dropbox and follow the instructions. However, within the next few days, all Dropbox accounts with have the two-step verification.
This verification takes place anytime you try to log into your account from a new computer or mobile device (logging into your computer, and then logging in on your iPhone will trigger the second verification). Google already has a similar system in place, which works very well. It can be inconvenient to put in a new code, especially if you use multiple computers or mobile devices but the second layer of security means that a hacker who gets a hold of your screen name and password won’t be able to get into your account and wreak havoc.
If you happen to lose your phone and can’t get in, this verification system does have an emergency backup code, once that can be used if you need to log in on a new computer or device, but can’t because you don’t have your phone to get the six-digit code. Using the backup code will disable the two-step verification, so if you get your phone back or get a new phone, Dropbox (and AllClear ID) recommend turning the system back on.
This is a big step for Dropbox users and other data storage providers who want security to be a number one priority. It’s only a matter of time before other large companies follow Google’s and Dropbox’s example to do better when it comes to protecting user accounts.