Information Security – Credit Card Fraud

Data Breach Lawsuits Continue to Fill the Courts

by

Data breach litigation continues to fill the courts in all stages, with a new class action filed against Tempur Sealy International and the dismissal of a suit against Barnes & Noble.
In the new action, New York resident Michelle Provost claims that Tempur Sealy (and Aptos Inc., the company’s website host) failed to appropriately safeguard customers’ personal information.
The defendants’ poor data security practices and decision not to abide by best practices and industry standards resulted in a February 2016 breach that compromised sensitive consumer data, including names, addresses, email addresses, telephone numbers, and payment card account numbers and expiration dates, the plaintiff alleged.
“Defendants allowed widespread and systematic theft of their customers’ personal information,” according to the complaint.
“Defendants’ actions did not come close to meeting the standards of commercially reasonable steps that should be taken to protect customers’ personal information.” The defendants also waited too long to disclose the extent of the breach and notify affected consumers in a timely manner, Provost claimed.
The plaintiffs’ third effort was not the charm, despite the fact that they dropped some claims and added factual allegations about their injuries, namely that one had her bank account put on hold, had to spend time with police and bank employees sorting out her financial affairs, lost the value of her personally identifiable information (PII), and suffered emotional distress because she had to renew her credit monitoring service to protect against future fraud.
The plaintiff alleged that the data breach only played a part in her decision to renew the service, “and thus this alleged injury is still insufficient to state a claim.” Granting the defendant’s motion to dismiss, Judge Wood said further opportunities for amendments to the complaint “would be futile,” dismissing the suit with prejudice.
To read the order in In re Barnes & Noble Pin Pad Litigation, click here.
Why it matters: The cases demonstrate the challenges facing data breach cases—the difficulties of establishing standing as well as stating a viable claim, as found in the Barnes & Noble litigation.
Despite these uphill battles, plaintiffs (like those in the suit against Tempur Sealy) continue to file class actions.

9 Crucial Tips to Protect Your Small Business From Credit Card Fraud

by

9 Crucial Tips to Protect Your Small Business From Credit Card Fraud.
Processing credit cards for your small business is pretty much a given these days.
An Address Verification System (AVS) is a tool used by banks and credit card associations.
The issuing bank can then verify when a merchant makes an authorization request.
There could be instances, like when a customer moved and hasn’t updated their address yet.
Also, AVS is only available from banks and not payment software or gateways.
Reviewing the following before processing a payment: Orders that have several of the same items – especially when it wouldn’t make sense to purchase multiples.
In layman’s terms, tokenization replaces numbers with a token.
If the card is not present, and you suspect fraud, don’t hesitate to call your credit card processor, bank, and even the local authorities.
Make sure that you frequently stay updated and informed on the latest credit card fraud tactics.

Banks consider changing security codes on debit and credit cards every hour to foil online fraudsters

by

The development is encouraged today in a National Audit Office report that warns police forces are not doing enough to tackle the growing threat of online fraud.
The NAO said new cards with changing numbers could be “a positive step, as the re-design may help to stop an increase in online card fraud.
Data threat | Five tricks hackers use to steal your bank details Using fake “free” WiFi networks to steal passwords Guessing obvious passwords like “123456” Social media stalkers who find out when you’re on holiday, using Facebook Dodgy apps that trick you into giving away data using in-app permissions Fake emails pretending to be from well-known brands – like Amazon or eBay The NAO said the issue was “not yet a priority” for all local police forces and the problem had been overlooked by government, law enforcement and industry.
Almost two million cyber-related fraud incidents were estimated to have taken place in a year and the cost is likely to run into billions of pounds, the NAO said.
He said the Home Office, while not solely responsible for tackling the issue, was the only organisation that could oversee the system and lead change. “At this stage it is hard to judge that the response to online fraud is proportionate, efficient or effective.”
The report said: “Fraud is now the most commonly experienced crime in England and Wales, is growing rapidly and demands an urgent response. “Yet fraud is not a strategic priority for local police forces and the response from industry is uneven.”
Cyber crime What is the NCA’s advice to UK internet users?
Members of the public are reminded they should be vigilant and not open documents in emails, or click on links, if they are unexpected or if they are unclear about its origin.

BBB tips on avoiding vacation rental scams

by

BBB tips on avoiding vacation rental scams.
Some victims have found images of their home being offered as a vacation rental online.
If you get an email about a vacation rental, check the sender’s address.
While paying with credit card is the smart way to go, never share that information by email.
Search a reputable home sharing website or app.
Verify companies’ legitimacy by searching at bbb.org.
Most home sharing companies vet the individuals who post their property for rent on their sites.
Do an online search on the owner’s name, the property address, and even do an image search to ensure the photos are not from a magazine or stolen from another listing.
Look at different listings before making a reservation, paying a deposit or putting a credit card on file.
Look for misleading reviews that may be posted by the scammers.

How to Protect Your Child From Identity Theft

by

How to Protect Your Child From Identity Theft.
Brill: Unfortunately, in many cases you find out the hard way.
Either your kid eventually applies for credit and discovers he has a terrible record, or someone has been using your kid’s information for something like W-2 fraud, using it to work when they’re not supposed to be working, and a year and a half later your child gets a nasty letter from the IRS saying, “We have W-2’s for you, why haven’t you filed your taxes?” Or your kid looks to go to college, and the college says, “Why do you owe AmEx $37,000 on a credit card, and why do you have bankruptcies on your record?” It can cause problems for the kid, and for parents who want to protect the identity of the of kid.
Another thing we see that is also scary is how criminals use your kid’s identity to get medical services for another kid.
Lapidus: Also, you have teenagers applying for jobs in the summer, and with a lot of applications they have to give their Social Security number.
What kind of cybercriminals are we talking about?
But if the place where the data is stored hasn’t done the security basics, they can run an attack that might get them that data.
Aside from warning your kids , what can a parent really do?
The first question to ask a company is how are you protecting my kid’s data?
And you want to monitor your kid’s Social Security record just as you would for an adult to see if anything is reported.

Make sure your wedding plans go without a hitch with scam advice

by

Make sure your wedding plans go without a hitch with scam advice.
All of these transactions are potentially liable to fraudulent action by scammers.
l Obtain a physical address and contact details for the vendor and verify this information.
l Obtain a contract before paying money for services.
Fully read and understand what is offered before applying a signature and note the terms of cancellation.
l For services such as wedding photography, beware of websites using fake images.
Look for inconsistencies in style, meet the photographer, and ask to view sample albums.
Trading standards officers also advise paying for services by credit card, as they offer protection for single item purchases above £100 and below £30,000.
Even if a company goes into liquidation before the big day, a refund can be claimed through the credit card company.
Always take precautions and research that the options available are genuine when spending large sums of money on services.” For advice, or to report any problems to trading standards officers call 03454 04 05 06.

The New Rules of Identity Theft Protection for Employees

by

The New Rules of Identity Theft Protection for Employees.
And the child continues showing up on her pharmacy records as a dependent.
“To this day, I don’t know if my name is in the baby’s medical record,” she notes.
Her insurance information had been stolen and used by someone else to obtain medical care.
But medical identity theft also poses a serious risk to employee health.
Medical identity theft is thus, above all, a quality-of-care issue.
While medical identity fraud is the fastest growing type of identity crime, identity theft generally continues its march unabated.
The number of US data breaches recorded in 2016 set an all time high of 1,093—a 40 percent increase from 2015, notes an authoritative Data Breach Report by ITRC.
For an employer to fully protect its employees, health insurance information will require the same attention and care that financial institutions have offered to their credit card customers.
For more information about how to help your employees protect themselves from identity theft, don’t miss Kevin’s session, How the Growing Threat from Medical Identity Fraud Puts Your Employees & Company At Risk—And What You Can Do About It only at the 9th Annual Employer Healthcare & Benefits Congress, October 2 – 4 in Los Angeles.

How the High-Risk Processing Industry Can Combat the Costly Surge in Card Testing Fraud

by

This testing explosion is driven by the need of criminals to quickly identify which stolen credit card numbers are active before customers discover the theft and close the account.
The high-risk processing industry is especially susceptible to these issues since many merchants operate in the less-secure card-not-present online environment.
But, not only does automated card testing reveal which cards can be used to make fraudulent purchases, it also creates secondary problems for merchants.
The first order problem for merchants is that unless they actively employ fraud prevention tools to combat card testing they leave themselves open to fraudsters making large purchases that customers will contest.
Over time the mishandling of these false positives can have a serious negative impact on a merchant’s brand.
That requires security software tuned to the patterns that indicate card testing is being attempted.
Other solutions include apps that can identify when transactions are coming from human buyers rather than automated scripts or bots.
High-risk merchants should look for processing solutions that include state-of -the-art fraud prevention software.
Wrap Up The false positives created by the surge in card testing fraud are hurting the high-risk payments industry.
Merchants and processors need to take significant steps to combat fraudsters who use sophisticated software automation to identify card numbers they can use to make illegal purchases.

E-commerce fraud losses down 35%

by

E-commerce fraud as a percentage of sales dollars has been declining since the first quarter of 2016.
For the report, fraud was examined across the industries of alcohol, tobacco and cannabis; apparel; consumer electronics; cosmetics and perfumes; department stores; furniture, appliance and home improvements; health, leisure and hobbies; jewelry and precious metals.
And while e-commerce fraud has been declining in most, the two exceptions are department stores and jewelry and previous metals.
According to the study, the use of machine learning as prevention is one of the reasons for the decline in fraud losses, amounting to a total decrease of almost 35% from Q1 2016 to Q1 2017.
As the number of individuals who have had their credit card details stolen continues to rise, more and more consumers are aware of the risks.
“So much so that consumers are less surprised and more commonly annoyed by this form of cybercrime.
With banks and card issuers managing these instances on a regular basis, most consumers know they are protected but that they will suffer inconveniences due to this fraud for a few weeks or possibly even a few months,” a spokesperson from PYMTS told FierceRetail.
According to PYMTS, over the past year, retailers have grown their investment in fraud prevention in both scale and quality.
As retailers continue to see more of their sales coming from their online stores, they have become painfully aware of the lack of protection that have against credit card fraud online, whereas they are (almost) fully protected with EMV in brick-and-mortar sales over the counter.
This combination of desired features helps explain the rise in demand for Guaranteed Fraud Protection as retailers leveraging this service will never pay a chargeback (per the guarantee) but are also assured they will see more orders accepted since the solution provider is only paid for accepted orders.

What You Need to Know About Identity Theft Protection

by

What You Need to Know About Identity Theft Protection. “While certain credit card companies have their own identity theft protection, it is only for that account and does not cover other accounts.
Americans who have ID protection tools and services seem to agree. “There’s no doubt in today’s market that there will continue to be huge data breaches and that your personal information is at risk,” Boyle says.
SMALL INVESTMENT, BIG POTENTIAL.
TheStreet’s Stocks Under $10 has identified a handful of stocks with serious upside potential.
Most identity theft protection services offer “monitoring,” Siciliano says. “But they don’t say what they monitor or how they monitor or what benefit that monitoring will provide you.
SMALL INVESTMENT, BIG POTENTIAL. “An identity theft protection service should inform you when your personally identifying information, such as your name, Social Security number, or credit or debit card number, are used to commit fraud or other crimes,” he says.