ATM Security: Some Helpful Dos and Don’ts

Simple actions help ensure ATMs are both convenient and safe.

Both average citizens and criminal minds adore the convenience of Automated Teller Machines (ATMs). With the growing ubiquity of ATMs around the world, cunning card scams that defraud ATM users are becoming all too familiar. Meanwhile, most citizens remain unaware of the risks of tossing their card statements in the garbage on the street corner and appear unconcerned when entering their PIN in full view of strangers passing by.

Though ATMs have been around for a while now, we all can benefit from a friendly reminder of the Dos and Don’ts when using ATMs and how best to keep our ATM cards safe.

Security guidelines for your ATM card

Dos:

  • Sign your name on the strip on the back of your card as soon as you receive it.
  • First use of the card must be at an ATM, otherwise it will not work at Point of Sale (POS) at a store.
  • Memorize your personal identification number (PIN) and never share it with anyone.
  • Store your card in a secure place where you will know immediately if it goes missing.
  • Beware of “shoulder surfing”: shield your PIN from onlookers by using your body and hands. Once you complete your transaction, be sure that you have your card and your receipt, then leave immediately.
  • Make a new PIN as soon as you receive your card. Change your PIN every three months.
  • Store your bank card with care so that you do not damage the magnetic stripe.
  • Check your ATM machine for signs of any external fittings or loose wiring; these may indicate you are using a scam ATM machine. Report suspicious ATM machines to the bank and use another ATM.
  • Check your monthly bank statement for unusual or unauthorized transactions. Report any suspicious or unfamiliar transactions to your bank immediately.
  • Ensure your card is swiped in your presence at a POS.
  • Immediately inform your financial institution if your card is lost or stolen.

Three simple rules that help prevent ATM card scams.

Don’ts:

  • Never lend your card to anyone.
  • Do not write your PIN number on your card.
  • When disposing of old receipts and statements, don’t use public waste receptacles and be sure to destroy the statements so they are useless to identity thieves.
  • Never share your PIN with anyone, including a family member or bank personnel, or in response to online or email requests.
  • Never carry a copy of your PIN in your wallet or purse.
  • Never let anyone see you input your PIN.
  • Never use a PIN that could be guessed easily, such as your birthday or telephone number.
  • Never leave your card unattended; for example, in your car, hotel room or on your desk at work.

These are definite ATM-card follies that are best avoided.

More Resources

A victim of an ATM scam in India recounts her story (Basunivesh.com).

This article has more tips on how to protect yourself at the ATM (Krebs on Security).

How to Avoid Cybercrime

Crime is not going away. The market for online shopping keeps growing and more and more criminals are taking notice. We have to be as vigilant as ever when shopping online if we don’t want to fall victim to all the cyber-criminals out to cause mayhem and profit off of unwitting shoppers.

Here are a few precautions you can take in order to shop online and keep out of harm’s way:

  1. Educate yourself. Start surfing the net for news and trends surrounding cybercrime. The more you know about the latest cybercrime trends and safety measures, the better able you will be to protect yourself.
  2. Verify information requests. When you get an email from a company with which you are doing business and they are asking you for personal information, contact them directly from a different email or by phone (using official contact details that you have on file) and ask if they sent you the info request email. It may be a phishing email spoofing their company to get at your personal details.
  3. Be careful with WiFi. Anytime you use a public unsecured WiFi network, you risk exposing your personal details to third parties. The person sipping on that cinnamon latte in front of you at the coffee shop could be infiltrating your smartphone or laptop. It’s best to avoid using unsecured WiFi altogether.
  4. Buy from credible merchants/websites. Avoid buying from sites you know nothing about. If it’s a big company with lots of reviews, then they could be legitimate, but if you’ve never heard of the website or company before, and cannot find any customer reviews, just stay away for your own safety.
  5. Watch out for risky investment programs. If it sounds too good to be true, it probably is. When you give your money to a program that “guarantees” a huge return on your investment, don’t expect to ever see that money again.
  6. Keep your software up-to-date. The same goes for your smartphone as it does for your laptop or desktop computer. Always make sure you’re protected from malware and other threats by making sure you have the latest version of your anti-virus software and always keeping your web browser up-to-date.
  7. Make sure transactions are secure. There are a couple of ways to do this. On the transaction page, make sure you can see a little key or lock icon in your browser window, and that the web address starts with “https”. You can also transact through a payment processor like Payza – we use SSL encryption to keep your transactions 100% secure at all times.

Share your own tips about staying safe online! Leave a comment below or join the conversation on our Facebook and Twitter pages.

To learn more about how to shop online safely, visit the Payza Security Center.

Mobile Payments Increase Fraud Costs for Merchants

October is National Cyber Security Awareness Month, so this month we’ll be featuring blogs that focus on keeping your online information protected. For more information visit http://www.staysafeonline.org/ncsam and keep checking the Payza blog for tips on keeping your important data secure.

Merchants who accept both mobile payments and conventional payments end up paying more for fraud than merchants who only accept conventional payments according to the 2012 LexisNexis “True Cost of Fraud” study, conducted by California-based Javelin Strategy & Research.

Javelin and LexisNexis compiled their data by surveying over 1000 fraud-control executives across a wide range of companies of various sizes and industry segments.

Mobile payments are still a relatively new way to pay for products and services, and only a small volume of transactions are done through mobile means. However, 6% of the merchants surveyed this year already accept mobile payments, up from the 4% who accepted mobile payments in 2011 according to the merchant data collected by LexisNexis. That’s a 50% increase in the percentage of merchants who now accept this new form of payment. Furthermore, this year’s number represents a 500% increase from the 1% of merchants that reported accepting mobile payments in 2010! The trend is clear: more and more merchants are adopting mobile payments every year.

But more payment options for customers can translate into a higher risk of fraud for merchants. For example, the study shows that mobile-accepting merchants suffered a true loss of $2.83 for every dollar of fraud in 2012; that is 40% higher than the $2.00 true cost for every dollar of fraud in 2011. Also, all merchants (not just mobile-accepting) experienced an average loss of $2.70 for every dollar of fraud in 2012; this is up from $2.30 for every dollar in 2011. Each incident of fraud is becoming more costly for merchants of all types, but especially for those that accept mobile payments.

Although mobile-accepting merchants have to deal with several different types of fraud, “friendly fraud” appears to be at the forefront. So-called “friendly” fraud can occur when a person makes a payment for a product, gets what they pay for, but contacts their credit card issuer for a chargeback anyway. According to the study, 26% of fraud committed against mobile-accepting merchants is friendly fraud, compared to the 20% friendly fraud rate for non-mobile merchants. Some fraudsters are shifting more attention to merchants that use a wider variety of payment methods, including mobile browser payments, text (SMS), bill-to-mobile phone and contactless mobile payments. The more options that a merchant offers, the more types of fraud that can be committed through the options they support.

One reason mobile fraud is becoming popular is what Jim Van Dyke of Javelin refers to as the “complexity factor”. When merchants open more payment channels, verifying a client’s identity becomes increasingly difficult. This means merchants have to be more vigilant and put stricter anti-fraud measures into place in order to prevent fraud. That translates into more work for merchants, but not all retailers see the value in this extra effort. According to the report, only 2% of all merchants admitted to being concerned about mobile security.

Clearly, merchants need to be more proactive where mobile payments and fraud are concerned. Although the availability of various payment options may invite more customers, and hence more sales, merchants need to be aware of the risks of accepting new payment methods and be proactive in their fraud mitigation efforts. In other words, they need to start being concerned about mobile security and the increasing risk of fraud targeting mobile-accepting merchants.

For more information, you can find the LexisNexis 2012 True Cost of Fraud Report here (available for download). You can also read the LexisNexis press release for a brief breakdown of their findings.

5 Ways to Protect Yourself from Hackers

“Black hat” hackers – the kind who thrive on finding and exploiting computer security weaknesses – are an active and foreboding bunch, lurking on the internet. They’re always looking for new and creative ways to break into unwitting people’s computers and steal their information via malicious software (a.k.a. malware). Whether you’re computer savvy or a self-proclaimed Luddite, you’re not immune to a hacker’s damage.

To help you avoid becoming a victim, here are 5 tips to remember when surfing the internet:

1. Social media: Thanks to the popularity of social media websites like Facebook, Twitter and LinkedIn, hackers have an easy way to target their victims. They can stalk people’s public social profiles to find out their interests (and weaknesses). With that information hackers are able to cater messages to offer something “irresistible” to entice their victims into divulging their personal information and downloading a malicious program.

For example, you might post that you are interested in travel, and then receive a private message on Facebook that offers free or cheap tickets to your dream destination (which, coincidentally, you’ve mentioned many times on your profile). All you have to do to score the tickets is click on the link provided. You will either unwittingly download malware or launch a malicious program, or be prompted to provide personal information that can be used against you.

Tip: Don’t click any links in messages sent by people you don’t know. Even if a link is sent from someone you know, keep in mind that if the message doesn’t sound like them, it isn’t from them. To be safe, don’t click on any links for “offers” that seem too good to be true. Adjust your privacy settings in your profiles to limit what information can be seen publicly.

2. Mobile phone malware: Hackers have found a new gold mine for getting people to download malware: mobile phone apps. Usually mobile phone malware comes in the form of a Trojan horse, a type of malware that poses as one thing but is something entirely different. For example, an app may claim to be a cheap or free game, book or product from a publisher you do not know, but instead of doing what you thought it would, it installs malware on your mobile phone to capture personal information, passwords and more.

Tip: Install an anti-virus program onto your mobile phone, and stay away from apps by people and companies you’re not familiar with. A free app may sound cool, but don’t throw caution to the wind… you may pay dearly for it later.

3. Online Gaming: Online gaming has become a rich source of malware in recent years. Many of the online games that have been corrupted are for children: hackers are infecting educational gaming websites with malware because children are more likely to click indiscriminately. As despicable as this practice is, don’t expect hackers to stop anytime soon; just be extra vigilant when it comes to online gaming.

Tip: Echoed in almost all of the aforementioned tips, an up-to-date and regularly updated anti-virus program is indispensable. If your children use the computer often to play games, it is helpful to monitor their usage and teach them about online safety. Microsoft has some informative content for parents and children.

4. Ransomware: Some hackers have the ability to sneak a type of social engineering malware called “ransomware” onto your computer through a file or a network vulnerability. A hacker will hold your computer “ransom”, threatening to erase your files unless you pay a fee. They may even pose as an authority and tell you that questionable or illegal content has been detected on your computer and that you must pay them to remove it for you.

Tip: There is no way of knowing if they are telling the truth or if they will actually harm your computer or not. Sending money will NOT fix the problem. If your computer becomes frozen, get a professional to fix it. Then get a good anti-virus and firewall program. There are free options available online, but make sure to read the reviews before installing a program.

5. “Hacktivism”: “Hacktivists” are a special breed of hacker with a political and/or social agenda who use their technological know-how to protest. Some claim to have the greater good in mind (like universal free speech and human rights); others have more anarchistic and destructive goals, which can put the general public at risk. “Anonymous” is one of the more well-known hacktivist groups, famous for their Distributed Denial of Service (DDoS) attacks and threats against governments, corporations and other organizations.

If these “vigilantes”, as some call them, have our rights in mind when they target governments and corporations, should we worry about our personal security? Yes, because your personal data is often compromised. If a hacktivist group compromises the security of a government website, whose information do you think they’ll have? Yours. Not knowing what they plan to do or what their intentions are regarding this information is a threat to your security.

Tip: Be aware of and informed about what hacktivist groups are up to. Governments, corporations and organizations use the best security measures to protect your information, but that doesn’t mean you shouldn’t stay informed.

For more information on how to protect yourself and your computer from these types of attacks, have a look at these articles:

Creating an Uncrackable Password

Key Factors to create uncrackable passwords

We are always telling our members about the importance of a good, strong password. We’re not trying to be annoying; we just really care about your online safety. Passwords are a serious business, and can be easily cracked by a hacker or fraudster if you are not careful about how to create them.

With that in mind, we want to offer you some step-by-step tips on how to create a password that cannot be guessed or cracked by anyone:

  1. Use a different password for every online account you have: This is a rule of thumb that you should remember. Using the same password can result in the security breach of multiple online accounts, and that happens all the time.
  2. Don’t use a word you can find in the dictionary: Try not to use real words, names, places, or important dates. Instead, think of a sentence that you’ll remember and break it down into an acronym. For example, “I love the Star Wars trilogy” can be converted into “iltswt”. It’s not a word that can be guessed, but you’ll remember it because it’s meaningful to you.
  3. Use a variety of upper case and lower case letters: With “iltswt”, try to use upper and lower case letters in unpredictable ways, like this: iLtsWt.
  4. Throw in some random characters and numbers: Doing so will add another layer of complexity and security to your password: iLt$W3*.
  5. Memorize your password: Try to avoid writing down your password or storing it where it might be discovered. Try your best to commit it to memory since that’s the only place that cannot be hacked or broken into… unless the movie Inception becomes a reality.
  6. Change your passwords every 6 months: This will further enhance your online security. If you are really against this because it seems like a hassle, at least do it for your online bank account and other highly sensitive online accounts.
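
The checkable rules in this list (steps 1 to 4 and step 6) can be audited automatically. The following Python sketch is an added example, not Payza code; the account names, passwords, dates and the small word list are constructed sample data, and the function names are hypothetical.

```python
from datetime import date, timedelta

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "starwars", "london", "summer"}
MAX_AGE = timedelta(days=183)  # "every 6 months" (step 6)


def check_password(pw, words=SAMPLE_WORDS):
    """Return the composition rules from steps 2-4 that pw breaks."""
    problems = []
    # Step 2: no dictionary word, even when embedded in the password
    # or disguised only by letter case.
    lowered = pw.lower()
    if any(w in lowered for w in words):
        problems.append("contains a dictionary word")
    # Step 3: both upper- and lower-case letters.
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("needs upper and lower case letters")
    # Step 4: at least one number and one non-alphanumeric character.
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(not c.isalnum() for c in pw):
        problems.append("needs a symbol")
    return problems


def audit_accounts(accounts, today, words=SAMPLE_WORDS):
    """accounts: {name: (password, date_last_changed)} -> {name: [problems]}."""
    report = {name: check_password(pw, words) for name, (pw, _) in accounts.items()}
    # Step 1: a password must not be shared between accounts.
    seen = {}
    for name, (pw, _) in accounts.items():
        seen.setdefault(pw, []).append(name)
    for names in seen.values():
        if len(names) > 1:
            for name in names:
                others = ", ".join(n for n in names if n != name)
                report[name].append("reused on: " + others)
    # Step 6: flag passwords that are older than six months.
    for name, (_, changed) in accounts.items():
        if today - changed > MAX_AGE:
            report[name].append("older than 6 months")
    return report


# Constructed sample data (not real credentials).
ACCOUNTS = {
    "bank": ("iLt$W3*", date(2012, 9, 1)),
    "email": ("Summer2012", date(2012, 8, 15)),
    "forum": ("Summer2012", date(2011, 12, 1)),
}

if __name__ == "__main__":
    for name, problems in audit_accounts(ACCOUNTS, date(2012, 10, 15)).items():
        print(name, "->", problems or "ok")
```

The article's own example password passes every check, while the reused, word-based "Summer2012" is flagged on both accounts that share it.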

You are now equipped to create a super strong password. So go to your Payza account, and reset your old password with a new one that will further protect your money and your personal information.
If you have any tips on online security you’d like to share with us, we’d love to hear them. Go ahead and post them on our Facebook page: http://www.facebook.com/payzaglobal.

Learn more about Online Security