ATM Security: Some Helpful Dos and Don’ts

Simple actions help ensure ATMs are both convenient and safe.

Both average citizens and criminal minds adore the convenience of Automated Teller Machines (ATMs). With the growing ubiquity of ATMs around the world, cunning card scams that defraud ATM users are becoming all too familiar. Meanwhile, at the ATM most citizens remain unaware of the risks of tossing their card statements in the garbage on the street corner and appear aloof when entering their PIN number in full view of strangers passing by.

Though ATMs have been around for a while now, we all can benefit from a friendly reminder of the Dos and Don’ts when using ATMs and how best to keep our ATM cards safe.

Security guidelines for your ATM card

Dos:

  • Sign your name on the strip on the back of your card as soon as you receive it.
  • First use of the card must be at an ATM, otherwise it will not work at Point of Sale (POS) at a store.
  • Memorize your personal identification number (PIN) and never share it with anyone.
  • Store your card in a secure place where you will know immediately if it goes missing.
  • Beware of “shoulder surfing”: shield your PIN from onlookers by using your body and hands. Once you complete your transaction, be sure that you have your card and your receipt, then leave immediately.
  • Make a new PIN as soon as you receive your card. Change your PIN every three months.
  • Store your bank card with care so that you do not damage the magnetic stripe.
  • Check your ATM machine for signs of any external fittings or loose wiring; these may indicate you are using a scam ATM machine. Report suspicious ATM machines to the bank and use another ATM.
  • Check your monthly bank statement for unusual or unauthorized transactions. Report any suspicious or unfamiliar transactions to your bank immediately.
  • Ensure your card is swiped in your presence at a POS.
  • Immediately inform your financial institution if your card is lost or stolen.

Three simple rules that help prevent ATM card scams.

Don’ts:

  • Never lend your card to anyone.
  • Do not write your PIN number on your card.
  • When disposing of old receipts and statements, don’t use public waste receptacles and be sure to destroy the statements so they are useless to identity thieves.
  • Never share your PIN with anyone, including a family member or bank personnel, or in response to online or email requests.
  • Never carry a copy of your PIN in your wallet or purse.
  • Never let anyone see you input your PIN.
  • Never use a PIN that could be guessed easily, such as your birthday or telephone number.
  • Never leave your card unattended; for example, in your car, hotel room or on your desk at work.

These are definite ATM-card follies best to avoid.

More Resources

A victim of an ATM scam in India recounts her story (Basunivesh.com).

This article has more tips on how to protect yourself at the ATM (Krebs on Security).

Stay Secure and Use a Password for Your Payza Account that is Different From All Other Accounts

We want your account to remain safe.

Using the same, or similar, passwords online puts your account at risk—a risk that is easy to avoid.  

*********

Preventing security breaches is a top priority at Payza and we need your help to ensure your account remains safe from hackers. Your first line of defense is to use a strong and distinct password for your Payza account.

By distinct, we mean that your password to log in to Payza is different from your passwords for your email, social media, and other online accounts.

A common mistake is to reuse passwords because a security breach at one website can result in many online accounts being accessed by a cybercriminal.

If you reuse a password for your Payza account, please go change it now.

Changing your password is simple; here is how:

  1. Log in to your account.
  2. Click on your name next to your avatar in the top left corner.
  3. Select ‘Password’ and make necessary changes.

Here we provide you with a guide on how to pick a great password and show how you can avoid common security risks by understanding how they occur in the first place. You will find at the end of this post additional resources about online security, scams and fraud.

Memorizing complex passwords for all your online accounts is difficult and often frustrating. You can avoid this frustration and make strong passwords that are memorable if you use a strategy or “password formula”.

Consider this formula as an example: take the name of a website and replace letters in the name with a memorable word, and then add a sequence of numbers after a fixed set of letters.

So, “Payza” has two vowel “a”s; we can replace these vowels with a favorite color, say red, which makes the word “Predyzred”; then we can insert numbers after three letters, counting up from a favorite number, say 5. This results in a strong, distinct password generated by an easy to remember formula:

Payza password formula

By remembering the formula, you can figure out your password for any account (e.g., the same formula applied to a Twitter account would produce the password “Twr5edt6tre7dr”).

An added plus is that you can make a simple change to the formula, making it easy to change your passwords on a regular basis–e.g., count up from 6 instead of 5.

Indeed, you should change your passwords about once a month. So for this example, next month’s password for this Payza account will be:

password formula 2
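The formula described above, written out step by step as an added example (it is not Payza's code). It reproduces the “Predyzred” step and the Twitter result given in the post. The function names, and the reading that every vowel is replaced and a number follows each complete group of three letters, are assumptions made for this sketch.

```python
# Added illustration of the post's "password formula"; names are hypothetical.
VOWELS = set("aeiouAEIOU")  # assumption: "y" is not treated as a vowel


def substitute_vowels(site_name, word):
    """Step 1: replace each vowel in the site name with the memorable word."""
    return "".join(word if ch in VOWELS else ch for ch in site_name)


def insert_counter(text, start, group=3):
    """Step 2: after every complete group of letters, insert the next number.

    A trailing group shorter than `group` gets no number, which matches the
    Twitter example in the post ("...tre7dr").
    """
    parts = []
    number = start
    for i in range(0, len(text), group):
        chunk = text[i:i + group]
        parts.append(chunk)
        if len(chunk) == group:
            parts.append(str(number))
            number += 1
    return "".join(parts)


def formula_password(site_name, word="red", start=5):
    """Apply both steps; change `start` (e.g. 5 -> 6) to rotate the password."""
    return insert_counter(substitute_vowels(site_name, word), start)


def all_distinct(site_names, word="red", start=5):
    """Check that the formula yields a different password for every site."""
    passwords = [formula_password(name, word, start) for name in site_names]
    return len(set(passwords)) == len(passwords)


if __name__ == "__main__":
    # Constructed sample input: the site name used in the post's own example.
    print(formula_password("Twitter"))           # counting up from 5
    print(formula_password("Twitter", start=6))  # rotated: counting up from 6
    print(all_distinct(["Payza", "Twitter", "Email"]))
```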

Here are more excellent strategies and simple formulas for choosing strong and memorable passwords:

Invent your own password formula today; it’s fun.

 

Common ways hackers steal passwords and how you can protect yourself

Cybercriminals are very clever at finding ways to breach even the most complex online security systems. Even prominent government offices and corporations with extensive security systems, such as LinkedIn and Target, were recently embroiled in highly publicized security hacks.

At first it may appear that we have little control over these unfortunate security breaches; in fact, we all can take simple precautions to minimize the theft of our private information. Once again, changing your password on a regular basis is a great strategy to stop third parties from accessing your online accounts, especially since you may be unaware that a hacker acquired your user names, email addresses and associated passwords. Know that many hackers collect user names and passwords in order to sell them to other cybercriminals over the course of weeks, months, sometimes years; by changing your password frequently, you can render this hacked information useless before it is sold.  

 The second most important strategy is to remain vigilant when any online entity requests your password, especially when a site offers a reward or incentive.

 

A quick search on the internet will uncover countless sites that claim to have found “magical computer tricks” that enable anyone to acquire followers on social media or supercharge the search ranking of blog posts and online content–all for free.

Tempted by these rewards, unsuspecting internet users are directed to what looks like an official social media or website login page, where they are required to log in and then receive their reward. These login pages are in fact clone sites that record your user name and password.

 

Online payment platforms, including Payza, have identified similar scams that claim to offer simple computer tricks to instantly add free money to your account. Known as “money adders”, “hacks”, and “loot downloads”, all of these sites are, we are certain, scams that never provide anyone with any benefit, especially not free money in their accounts. The take-home message here is that you should only provide your Payza account information at our login page located at this web address:

log in address

If an unfamiliar avatar greets you, you know you are at the wrong site.

 

Stay vigilant and tell us about suspicious activity online

If you notice suspicious activity online or suspect an unwanted person has accessed your account, please report the problem to us so we can investigate immediately.

Our Fraud Prevention and Security Departments work hard to protect your account and personal information from cybercriminals. We appreciate your help in using great passwords and doing your part to ensure Payza’s payment gateway remains secure.

 

Additional resources

Want to know if unwanted people have access to your emails? Check if it is just you reading them!

See what popular online scams are circulating on the internet. How many do you recognize?

Read detailed descriptions of how hackers steal passwords and how you can prevent this from happening to you, here and here.

Check out these practical tips for online security written by our peers.

Here are previous posts on our blog and help desk about passwords.

Beware Payza Money Adder Hacks: This Is A Scam

Has any Payza member ever received free money from a hack money adder?

No, definitely not.

Conduct an internet search with terms “payza hack” or “payza money adder” and you will find a plethora of listings; we are not alone: similar “hacks” exist for all major online money transfer businesses. All these sites advertise ways to get free money in your Payza account. It almost seems too good to be true.

Well, it is. Let us explain.

What is a “Money Adder” and “Payza Hack”

They go by a few names, mostly along the lines of Payza Money Adder, or Payza Money Generator, or simply, Payza hack.

Some look primitive in terms of design and promotion; others are very sophisticated with stylish design and branding. Some purported money adders are available as a mobile app, some only work on desktop. Many are associated with promotional videos on YouTube and social media, providing slick demonstrations of how simple and effective this hack is.

Has a Payza hack ever provided money to an account? No, never

Despite these differences, all money adders have one thing in common: they do not actually give you free money.

These money adders share another common trait: They are designed to trick you into providing your Payza Account details so that a fraudster can compromise your account.

We can say with absolute certainty that no one has ever received money in their account from a money adder or similarly purported hack. Our fraud prevention and customer support departments, however, are familiar with the need to freeze accounts that have been accessed by unwanted third parties. Our investigations indicate that third parties gained access to an account after the owner provided their login information to one of these money adder sites.

“FrEE INSTaNT MONEY! SIMPLY GIvE US YOuR PERSoNAL InFO! >:-)”

Embrace the advice from this popular expression: If it sounds too good to be true, it probably is.

We recently discussed Payza Money Adders and Payza Hacks on Quora. For a more detailed explanation of how this scam works, read our answer below.

Please stay vigilant so that, together, we can minimize the risks of online fraud.

Read Payza (official Company Account)'s answer to What is a Payza hack and money adder? Is it safe or a scam? on Quora

The (Net) Napoleon Complex: Small Businesses Lack Cybersecurity

During International Fraud Awareness Week, Payza is joining hundreds of other businesses and agencies in shining a spotlight on fraud in order to promote awareness, detection and prevention. Follow the Payza blog this week for insights on global fraud and tips on how to protect yourself and your business.

“Small and insecure” – this description has famously been attributed to Emperor Napoleon but studies are showing you can make the same claim about a new group, small business owners (SMBs). More and more SMBs are relying on the internet for daily operations, yet most do not apply the same anti-fraud measures they would use in a brick-and-mortar business. Without a real plan to protect their business from cyber crimes, this false sense of security can have dangerous consequences for both small business owners and their customers.

Perhaps SMBs are lulled into a false sense of security as cyber threats are less visible than a robbery – but the damage can be much greater. While more than three-fourths of small business owners are confident that their company is safe from online threats such as hackers, viruses or malware, a shocking 83 percent have no formal cybersecurity plan! What’s worse, a cyber attack that might be tough for even a larger business to handle can often prove fatal to a smaller one.

As vice president of Americas Marketing for SMB at Symantec, Brian Burch sees first-hand the havoc that cyber attacks can wreak on a company. Almost 40 percent of the over 1 billion cyberattacks prevented by his organization targeted companies with fewer than 500 employees. If a smaller online company does not have an established internet security policy and a consistent practice for IT/security management, it may only take one well-planned data breach to destroy the business.

While cybersecurity is everybody’s business, online business owners have the added responsibility of defending their websites against cyber criminals. The challenge facing many online businesses is finding the balance between a robust policy for protecting their clients’ personal and financial details that is also flexible enough to change with the growing needs of the business.

If your business works with online payment processing, it is especially important to have a policy in place to ensure that sensitive information is protected. These three quick tips are a great place to get started:

The 3 W’s of Your Sensitive Data: Make sure you can answer these questions before you start collecting sensitive data in the first place.

  • What type of information is your business collecting (names, addresses, identification information, etc)?
  • Where is this information kept?
  • Who has access to it?

Don’t Need It? Don’t Keep It: Once you have determined what information you intend to collect, evaluate whether you really need to keep it.

Choose a Secure Service: You can verify whether the providers you would like to use have been validated as a secure payments system by accessing the PCI Council list.

Payza’s Protection

Here at Payza we understand better than most just how important cyber security is. Accessing online financial transactions by stealing personal data is a big target for cybercriminals, so we dedicate a major proportion of our resources to securing our system from cyber threats. Here are a few of the ways Payza’s fraud protection strategy keeps data secure:

  • 128-bit SSL encryption: All transaction data are filtered through 128-bit Secure Sockets Layer (SSL) encryption. Our encryption system secures the personal and financial data of our members to prevent fraudsters from intercepting and exploiting your private information.
  • Website review for all of our merchants: Websites that use Payza Checkout Payment Buttons are screened via an in-depth website review to ensure that they comply with Payza’s standards. These security measures enhance the overall security of your account and our network, and help keep fraudsters out of our system.
  • FraudMatrix: With our proprietary, state-of-the-art real-time monitoring platform, Payza is committed 100% to providing you with the most secure e-commerce experience.

As marketplace activities continue to move online, staying up-to-date on fraudulent cyber activities will be increasingly important. Following these established anti-fraud activities will keep your customers’ data safe and ensure that your online business does not become known as an easy target for criminals.

4 Spooky Cybercrime Stories (and How to Prevent Them From Happening to You)

It’s that time of year again! On Halloween, everybody loves a good spooky story, but at Payza we hear them all too often, and unfortunately they are real-life scares.

We wanted to share some stories and the tips to keep you safe from online scares.

Ritu and the disappearing bank account: Ritu was a housewife and mother of two living in Hertfordshire, UK. One day, she was surprised to find her bank account balance a little lower than expected. When she checked her recent transactions, she discovered some withdrawals that she didn’t make. The first ones were small, 10 or 20 pounds at a time. Within days the withdrawals grew to hundreds of pounds at a time.

She changed all her passwords and canceled her payment cards, but the unauthorized transfers didn’t stop. She didn’t know what to do. Who do you turn to in a situation like this?

Don’t let it happen to you: Your best bet is always to contact your bank or financial institution once you spot a problem. They will be able to reverse any unauthorized transactions and will do their best to prevent future ones. You should also try to find the root of the problem: maybe your email account has been compromised or your computer is infected. Contact your email provider and run a virus scan with the most up-to-date antivirus to track down the source of the problem.

How Sandra’s browser exposed her to danger: Sandra, an HR professional, has been working desk jobs for over 10 years and has never had a problem in all her time behind a computer. Last summer the IT department at her office installed a critical update to her computer, a patch for a newly discovered vulnerability in Internet Explorer.

Wanting to be sure that her computer at home didn’t have the same vulnerability, she searched online for information about it. She discovered a website that detailed the vulnerability and offered a patch for it, but knowing never to download anything from an untrusted source, she opted out of the download and went to Microsoft’s official site instead.

Unbeknownst to her, the original website she visited was bait for Internet Explorer users who still had the vulnerability. When she clicked “no” to opt out of downloading the patch, the website instead installed a keylogger on her computer, which records everything she types. The next time she logged into her online banking, the keylogger collected the name of her bank, her user ID, her password, the last four digits of her Social Security number and her mother’s maiden name. Several weeks later, her bank account was almost empty.

Don’t let it happen to you: The best way to protect your computer is by keeping your antivirus software and your internet browsers up-to-date. Make sure to install the updates from the source and be extra vigilant on sites you’re not familiar with.

Koby gets more than he bargained for: Koby, a middle school instructor, wanted to sell his car on an online auction site to make a bit of extra cash. Within days of putting up the listing, he found a buyer and received payment without any problems, so he took the listing down. The next time he logged into his account, he noticed the listing was still up, except with one crucial difference: the email address was incorrect.

Koby knew something was ‘phishy’, and he came up with a plan. He emailed the “seller” pretending to be a potential buyer and collected the information for where to send the money. He then gave this information to the FBI, who promptly tracked down the fraudsters and arrested them. They had collected Koby’s login information using a phishing email and reposted his listing in order to fraudulently collect payment from a gullible buyer for a car that wasn’t theirs to sell.

Don’t let it happen to you: Koby was lucky he spotted the signs of a phishing scam and was able to work with authorities to stop it. If you think someone has gotten access to your private information, contact the authorities immediately and give them as much information about the phishers as you can get.

The Koobface Gang: This last story didn’t happen to just one person; it happened to more than 800,000 Facebook users around the world. These people received fake Facebook messages which installed a worm that infected and took over their computers. This worm, known as the Koobface computer virus, allowed a group of five men in St. Petersburg, Russia, to collect $10,000 a day from their victims before the virus was discovered and shut down.

While their tools have been dismantled, nobody in the Koobface Gang has been arrested.

Don’t let it happen to you: Learn the signs of phishing messages – even messages that come from your connections on social networks could be malicious. Hackers will take over accounts and send out spam to all of a person’s connections hoping to land a victim or two.

So next time you think to yourself “I’m sure nothing bad will happen” remember the stories you’ve just heard. Remember how important it is to keep your browser, firewall and anti-virus protection always up to date and to never leave an opening for the criminals.

And, most importantly, never share your personal information on any public page or with any website you don’t trust. Use an online payment platform like Payza to shop or send money online without sharing your financial information. Click here for more information on how Payza can help you stay safe online.

Choosing Good Security Questions and Answers

October is National Cyber Security Awareness Month, so this month we’ll be featuring blogs that focus on keeping your online information protected. For more information visit http://www.staysafeonline.org/ncsam and keep checking the Payza blog for tips on keeping your important data secure.

At Payza, security is our top priority. Not because it makes us look good, but because we care about your safety, and the integrity of our network. As a payment platform, we have a lot of highly sensitive information to protect, so we do everything in our power to make sure that hackers can’t get through the safety measures we have in place.

At the same time, when you signed up for your Payza account, you probably already knew that you can also take certain measures to protect your own online security. The best way to protect yourself is by choosing a secure, uncrackable and unique password for your account and not sharing it with anyone. Another way you protect yourself is by creating a secure Transaction PIN (the 4-8 digit numeric code you must enter before every transaction).

The final safety measure you should take is choosing the right security question and answer in case you ever need to reset your PIN.

If you are unsure about how to choose a strong security question and answer, then this blog is for you. Here are some tips on how to choose the right security question and answer for your account:

  • Select a question from the list that only you know the answer to: Stay away from the questions that many people would be able to answer about you. If you select “What was your first phone number?” think about how many people might actually know the answer to this question. If someone else also knows that answer, then you probably shouldn’t select that question.
  • Be careful how you enter your answer: The answer to a security question works the same way as a password: it’s case sensitive. This means that if you typed it in all lower case letters, you will have to provide the answer in lower case letters every time. Remember that you cannot reset your security question and answer, so you will always need to enter the answer exactly the way you typed it.
  • Type a real answer: Choose a real answer to a real question rather than providing something like “dhgwijveknsw” as your answer. If you do create an answer like the gibberish just provided, you will need to remember it exactly as is.
  • Memorize your answer: This is the safest way to ensure that no one has access to this highly sensitive information. If you record it somewhere, like in a journal or in a folder on your computer’s desktop, anyone can come across this information and then use it for their own purposes.

For more information on Transaction PINs and security questions and answers, please see our comprehensive Frequently Asked Questions section.

Creating an Uncrackable Password

Key Factors to create uncrackable passwords

October is National Cyber Security Awareness Month, so this month we’ll be featuring blogs that focus on keeping your online information protected. For more information visit http://www.staysafeonline.org/ncsam and keep checking the Payza blog for tips on keeping your important data secure.

We are always telling our members about the importance of a good, strong password. We’re not trying to be annoying; we just really care about your online safety. Passwords are a serious business, and can be easily cracked by a hacker or fraudster if you are not careful about how to create them.

With that in mind, we want to offer you some step-by-step tips on how to create a password that cannot be guessed or cracked by anyone:

  1. Use a different password for every online account you have: This is a rule of thumb that you should remember. Using the same password can result in the security breach of multiple online accounts, and that happens all the time.
  2. Don’t use a word you can find in the dictionary: Try not to use real words, names, places, or important dates. Instead, think of a sentence that you’ll remember and break it down into an acronym. For example, “I love the Star Wars trilogy” can be converted into “iltswt”. It’s not a word that can be guessed, but you’ll remember it because it’s meaningful to you.
  3. Use a variety of upper case and lower case letters: With “iltswt”, try to use upper and lower case letters in unpredictable ways, like this: iLtsWt.
  4. Throw in some random characters and numbers: Doing so will add another layer of complexity and security to your password: iLt$W3*.
  5. Memorize your password: Try to avoid writing down your password or storing it where it might be discovered. Try your best to commit it to memory since that’s the only place that cannot be hacked or broken into… unless the movie Inception becomes a reality.
  6. Change your passwords every 6 months: This will further enhance your online security. If you are really against this because it seems like a hassle, at least do it for your online bank account and other highly sensitive online accounts.

You are now equipped to create a super strong password. So go to your Payza account, and reset your old password with a new one that will further protect your money and your personal information.
If you have any tips on online security you’d like to share with us, we’d love to hear them; go ahead and post them on our Facebook page: http://www.facebook.com/payzaglobal.

Learn more about Online Security

“Smishing” and “Vishing” – not just funny-sounding words

October is National Cyber Security Awareness Month, so this month we’ll be featuring blogs that focus on keeping your online information protected. For more information visit http://www.staysafeonline.org/ncsam and keep checking the Payza blog for tips on keeping your important data secure.

We’ve all heard about phishing scams, right? A crafty con artist reaches out to you under the guise of your trusted financial institution and urges you to divulge highly sensitive personal information, such as your Social Security/Insurance Number, home address, bank account numbers, passwords and PINs.

Well, there’s a newer form of scam that bears a major resemblance to phishing – it’s called “smishing”. Go ahead – laugh at the name. The name sounds funny but if you fall victim to the scam you won’t be laughing anymore. Smishing is similar to phishing in that the person behind it poses as your bank, or other trusted institution, and tells you that they need to confirm your bank account number as a matter of great urgency. But rather than conduct this nasty little bit of trickery through email, they do it through SMS text messaging.

Text messaging is the most commonly used non-voice mobile phone feature, and if you’re unfamiliar with this scam it’s easy to get taken. That’s the reason for its rising popularity – as many as 30 million smishing messages are sent to cell phone users in the U.S., U.K. and Europe alone. That’s a lot, and it’s on the rise. But why is this scam suddenly so popular? Most people see their mobile phone as an inherently safe piece of technology, but mobile phones are essentially miniature computers that need as much protection as a laptop or desktop because they are just as susceptible to malware and phishing attacks.

Luckily, you can protect yourself with a little effort and technical know-how. Here are some tips to follow:

  • Don’t click on any links in the suspicious SMS. They will likely lead you somewhere you don’t want to be, or can act as a conduit for malware and other threatening annoyances.
  • Directly contact the institution that has allegedly sent the SMS, and confirm with them that they sent it.
  • Forward smishing texts to “7726” so your cell phone provider can mark it as abuse.
  • If you’ve already fallen victim, you can contact 1-877-HELP (4357), the Federal Trade Commission (ftc.gov), or any other government office applicable in your country.
  • Because most Smishing attempts actually come from the internet and not from a cell phone, you can also look into the “block texts from internet” feature. Some cell phone providers offer this kind of service.

The best tip we can give you is the most effective one: listen to your gut. If something inside of you tells you that a particular SMS is suspicious, heed the warning and delete, delete, delete. Or just ignore.

There’s another form of phishing – called vishing – that involves voicemail rather than email or SMS. A scammer might leave a message on your voicemail posing as a representative from your bank or another company/institution asking you to call them back or email them with – you guessed it – some personal information. Keep in mind, your bank would never ask for your information this way, and neither would your cell phone provider or any legitimate government office.

Some vishers bypass voicemail altogether, and will speak to you directly and ask for this information. Some of them can be very convincing and persistent, so the moment you sense something weird, just hang up. Don’t even worry about being polite. You should call the actual company you deal with and ask them if they just contacted you about such and such an issue. More often than not, they won’t know what you’re talking about.
