Will EMV Cards Protect Your Wallet?

That old-fashioned magnetic stripe on the back of the credit and debit cards in your wallet is about to exit stage left.

The size, scope and cost of the Target breach is forcing the U.S. retail and banking industries to grudgingly adopt a newer data security standard that has already been embraced by our friends across the pond for many years now.

Cards that store personal data on high-tech embedded smart chips will still look and feel the same as the old cards. As consumers in dozens of countries have already discovered, so-called “smart cards” will deliver the same convenience but with greatly reduced vulnerability for point of sale transactions.

Credit cards with the embedded chips will also require the user to input a unique PIN. This creates the sort of two-factor authentication that renders fraudulently cloned mag-stripe cards useless.

American retail and banking systems have already begun (with Target leading the way) to invest in safer smart card technology that will be ready to deploy by October 2015.

The Charlotte Observer, reporting on a Bloomberg editorial, had this to say: Continue Reading…

9 Steps To The Target Hack

Black Friday 2013 was the beginning of a crazy shopping season for consumers and hackers alike.

Consumers snapped up holiday shopping deals across the retail spectrum and hackers snapped up the data from credit card magnetic strips. A good time was had by all.

Security experts have now begun to piece together the identities and methods of the actors behind the Target breach.

The stolen data began popping up for sale in black market underground chat rooms almost immediately, just like fresh caught fish that needs to be purchased and consumed before it begins to stink!

Fearless former Washington Post columnist Brian Krebs was the first to report on the breach. Krebs has been infiltrating and reporting on criminal activities in underground online chat rooms since 2005.

According to Krebs:

“Key information that informs some of my best scoops is just as likely to come from people actively engaged in cybercrime as it is industry experts working to fight fraud. So, once again, a sincere thank you to all of my readers — lovers and haters alike.”

The investigators’ reports are in. I’m a risk management guy, not a computer engineer, so here’s a layman’s list of 9 steps revealing “How the attackers did it”. Continue Reading…

Why Cyber Threats Will Grow In 2014

Hoping for a brighter, more profitable 2014? Cyber crooks are too!

But despite growing security awareness in businesses and at home, experts predict that we’re in for an even larger privacy battle in 2014.

As the recent Target data breach (and the subsequent flooding of personal data onto the internet black market) is proving, cyber attacks are BIG business.

Steve Wexler is a technology and security journalist at IT-TNA (IT Trends & Analysis). In a recent article published in PC World magazine, Wexler commented: “One would expect doom and gloom forecasts from security vendors – and IT industry analysts – and you won’t be disappointed.”

In his IT-TNA blog, Wexler cites fear as one of the contributing factors for increased vulnerability: Continue Reading…

‘Let Us Prey’: Con Men Infiltrate Obamacare Marketplace

The cloud of disappointment, mismanagement and controversy surrounding the roll-out of President Obama’s Affordable Care Act provides a perfect cover for criminal mischief.

Honest magicians and dishonest con artists both instinctively know that when we focus on one hand, they can accomplish their “business” with the other hand. It’s called misdirection.

The New York Times recently published a piece entitled: Con Men Prey on Confusion Over Health Care Act. The story uncovers multiple sketchy encounters, including a Southern California woman who had a con man visit her home in a brazen healthcare fraud scheme.

“Madeleine Mirzayans was fooled when a man posing as a government official knocked on her door. Barbara Miller and Maevis Ethan were pitched by telemarketers who claimed to work for Medicaid. And Buford Price was almost caught by another trap: websites that look official but are actually bait set by fly-by-night insurance operators.” Continue Reading…

Fighting Scary Cyber Threats

This is that time of year when we turn to fall sweaters, football and pumpkin pie.

It’s also time to get off the couch for a moment and recalibrate our cyber security awareness meter. The bad guys are out in force and they are organized, ruthless and hungry.

They attack on every front and in every sector. Industry, government, large businesses, small businesses, students, families or any target connected to “the grid” is open game.

Once again, the Department of Homeland Security kicked off their annual Cyber Security Awareness Month to help raise awareness in this cyber community we have all become attached to and somewhat dependent upon.

“Everyone has to play a role in cybersecurity. Constantly evolving cyber threats require the engagement of the entire nation — from government and law enforcement to the private sector and most importantly, the public. Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks.” Continue Reading…

Is The iPhone Fingerprint Scanner Hackable?

Yes, but not so fast. What’s that got to do with handfuls of candy (see photo) you ask?

Apple just announced that their newest iPhone has a security feature called ‘Touch ID’. This new biometric tool allows users to store their fingerprint data inside the phone as an added security measure.

Many are questioning whether this technology improves the iPhone or if it can be easily hacked or bypassed. The company that developed the iPhone technology (AuthenTec) was gobbled up by Apple in one of their most expensive acquisitions ever.

Security technologist Bruce Schneier recently pointed out that fingerprint readers have a history of vulnerability and some systems can even be fooled by a simple photocopy of a fingerprint. Schneier says that a German researcher once fooled a system using a fake print made of the same gelatin-like ingredient in gummy bears! Not so sweet. Continue Reading…

5 Reasons Your Passwords Stink

If we’re being honest here, most of us live at the extreme ends of the password creation pole.

We either give the construction of effective passwords no thought at all, or we get stuck using the same predictable password on multiple sites and accounts.

There are some basic rules for the effective assembly and storage of passwords that can deter intruders from gaining access to your private data. Although there are many companies that offer this kind of password generation for a fee, I thought I’d share a few ways you can do it without opening your wallet. Continue Reading…

Why Red Flags Rules Matter To You

Soon, you’ll be in the market for another vehicle. Whether it’s a practical vehicle for the family’s summer vacation, sending the kids off to college with reliable wheels, or that little red Porsche you’ve eyed for years, we’re all “in the market” now and then.

As a result of financing or leasing a vehicle, your non-public personal information is put “out there”, making the risk of identity theft a very real concern. The privacy risks of financial transactions are real and cost consumers and businesses billions of dollars each year.

In 2007, Congress and federal banking regulators created the Red Flags Rule. Again in 2010, they enacted new legislation narrowing the definition of “a creditor”, and recently updated a list of over 30 recommended practices (Red Flags) to safeguard consumer information.

Auto dealerships are among those financial institutions that are required by the Federal Trade Commission to protect your private information by implementing the Red Flags rules. What are they looking out for? Continue Reading…

Guard Your Web Surfing From Prying Eyes…3 Simple Tricks

We all know by now that the FBI, the National Security Agency and British intelligence are tapping into the data silos of nine leading U.S. internet companies, which include: Microsoft, Google, Yahoo, Facebook, PalTalk, YouTube, Skype, AOL, and Apple.

Exactly twelve years ago, Brad Templeton from the Electronic Frontier Foundation rather prophetically pointed to the sort of privacy scandal (like the one involving the NSA, PRISM and Verizon) that we read in the headlines daily. In 2001, Templeton wrote:

“The real danger comes because when we feel we are under surveillance by the government, by strangers, by our neighbors, or by faceless databases we feel less free.”

According to the EFF, despite President Obama’s recent claim that the government is only sifting through so-called metadata, this data can still reveal a boatload about your movements, your interests and your problems.

It’s encouraging and noteworthy that Twitter has been singled out as a positive “exemplar of privacy protection” according to an article in the Washington Post.

So here are 3 simple things you can do to help keep your personal online habits (part of what I refer to in my book as your “Habit Habitat”) as private as possible. Continue Reading…

3 Reasons To Care About CISPA

Any current legislation being debated in Congress which affects the handling of our private information deserves attention.

The Cyber Intelligence Sharing and Protection Act (CISPA) has recently passed the House and now awaits Senate approval. Under the provisions of CISPA, U.S. companies could hand over all of your private data to the government, all in the name of national defense.

This information sharing would be done in the interest of “national security”, and the justification for CISPA is to help our government fight back against foreign hackers like China and Iran.

According to US News and World Report:

“A very long list of major companies – including AT&T, Verizon, Intel, HP, Time Warner Cable, IBM, Comcast, McAfee, Oracle, Google and Facebook – like CISPA because it lets them off the hook. So when Anonymous called for a blackout to protest CISPA, it fell on deaf ears to the big tech, Internet and cable companies responsible for vast swaths of the Internet.”

Three reasons you should care: Continue Reading…
