A Credit Card Takes a Holiday Part 2

Shoppers during the Holiday Season

The following is Part 2 of a two part series regarding Credit Card Fraud.


In Wednesday’s article, we looked at how prevalent credit card fraud has become. We also touched on ways the industry and device manufacturers are adding additional layers of security. While we learned that identity theft exists and now have a fundamental understanding of simple security, how do we prevent it? We hope to address those concerns in today’s post.

Before talking prevention, it’s important to understand how credit cards are stolen in the first place.

Understanding & Preventing Credit Card Fraud

See any Hollywood film; hackers are the cream of the crop. Klacking of a keyboard is the wizard waving a wand over his eye of nute. Uninterpretable to a normal human ear, hackers speak binary as their second language. No firewall is too tough, no server too small for these elite group of men.

Of course, that is only what Hollywood and PR firms want you to think. In reality, most hackers do what any type of thief would do: See if the door is open.

Understanding how easy it is to obtain a credit card is a key step in credit card fraud prevention. Below is a list of the most common methods credit cards are stolen and ways to mitigate them.


Credit Card Skimmers

Why actively seek out credit card information when consumers can simply give it to you? Skimming is a simple concept of reading the credit card information off the strip. The most ideal position would be wherever consumers would insert their card. Most thieves purchase or create a device that mimics an ATM or Pay-at-the-Pump’s card insertion point. Look at the example below:

You may be asking, “But ATMs have keypads and the thieves would need the 4-pin code”. There’s no need to worry on that, they make keypads that lay atop the real keypad.

Key Pad Skimmer

To see more on how insanely good these devices are, visit KrebsOnSecurity.com.

Prevention

  • Use a credit card with an EMV-chip and 4-digit pin.
  • Use Apple Pay or Android Pay.
  • Don’t use outside ATM’s or Pay-at-the-Pump. Always choose to pay or withdraw money inside. Inside typically has reliable cameras and cashiers who have gone through background checks.
  • Check for a skimmer or keypad. Sometimes they are so hastily put on with crappy glue that their alignment is off or they easily come off.
  • Look for tamper tape. If the tape is removed, the “void” label will appear.
  • Look for a camera. In lieu of a keypad, some thieves use a camera to get the 4-digit pin code.

Social Engineering

Social Engineering is one way to steal credit cards.

This one takes a lot of guts, but there is no bar too low for credit card thieves. Social engineering involves a thief impersonating a person of some authority to give out information. For example, a thief may impersonate a Verizon employee calling you to make immediate payment for a past due bill. These are often easy to challenge and prevent, but for most consumers it’s easier to give in.

Prevention

  • Simply never provide confidential information to strangers in person or over the phone.
  • Most companies will not call you for credit card information, nor send people to your day to collect it.
  • If you receive a bill in the mail, call the business number listed in a phone book or google (not the original mail) to confirm they sent the bill.
  • Take time when talking to unrusted individuals. They prefer to get the information immediately.

Dumpster Diving

Many thieves dive into dumpsters to obtain information.

Many credit card companies have been good about removing critical card information from their mailed materials, but there is still plenty of information that can be obtained. Remember, it was roughly a decade ago that retailers began masking your ENTIRE credit card number on the receipt.

Prevention

Proper disposal of confidential paper is key to make trash unreadable to dumpster divers. Acceptable ways include:

  • Paper shredder with security level 2 or higher.
  • Burn the paper. This method is more effective than a shredder as the individual pieces can’t be reassembled. Popular in government.

Hacking

Hackers attempt to brute force into servers to obtain credit card information.

The most famous of crimes in today’s digital age. While the above examples mostly involves each consumer individually, hacking usually casts a wider net that is beyond his or her control. Perhaps most infamous was the Target hack back in 2013 that affected millions of consumers. These attacks are mostly done by finding vulnerabilities in systems (or doors wide open) and exploiting them.

These types of attacks are performed typically by one person or occasionally a larger group. The sheer amount of credit card information is simply too much for one hacker to take advantage of. That is why you will typically find this information auctioned off to groups willing to big for the right price. This typically causes a long delay from the time of theft to when the retailer knows it’s been compromised. For instance, Yahoo had just recently acknowledged they were compromised back in 2014.

Of course, a hacker doesn’t need to target a major system. They may very well please target a single computer, such as your own.

Prevention

  • Have the latest anti-virus and anti-malware software installed.
  • Perform scans regularly.
  • Install a firewall.
  • Ensure your are always visiting trusted shopping sites on an https:// connection with a valid SSL certificate.
  • Update all operating systems and software to the latest versions.
  • If possible, ensure e-commerce websites conform to the latest PCI compliant standards.

In Conclusion

Exposure comes in many shapes and sizes, but rarely do consumers provoke theft of their own credit cards.  The fact is, the industry has been so slow to change because they have been busy chasing dollar signs.  They certainly see the impending manifestation of their own inaction, and as a result done the absolute bare minimum to propel credit cards into the 21st century.

Ultimately, it is up to the consumer to quickly adopt the latest prevention to prevent credit card fraud.  Perhaps when checking out at McDonald’s, give Apple Pay a try.  If the locally-owned pharmacists doesn’t accept the chip, elect to pay in cash instead.  If you’re paying at the pump, opt to pay inside. Whatever you do, just don’t swipe.

When and how you pay gets recorded as data and sent back to the major card brands.  Eventually when enough consumers adopt the new technology, card brands will have noticed the shifting trends.  By that time, they and the retailers will have crossed the Rubicon where flipping the universal switch is inevitable.

Leave a comment

Your email address will not be published.


*