Being Smart About Smart Phone Apps

Just got an invitation via text message to download a hot new app for your phone? It’s free and it does some really cool stuff. But is it real?

It may not be. Scammers have been sending text messages lately convincing people to install apps that turn out to be malicious. They even use names of reputable companies to try to fool you in believing that it’s a genuine offer.

Never install anything from a text message unless you initiated the search. Always download your smart phone apps from the official app stores like iTunes and the Google Play store, and skip unknown sites no matter how great they sound.

How to Protect Yourself from Ransomware for Only $2 a Month

Cyber criminals have increased their use of ransomware attacks in the past couple of years.  The WannaCry attack affected more than 200,000 users in 150 countries, and yes – it made many of them cry.

Ransomware is a piece of malicious code that encrypts all your files and locks you out of them.  Cyber criminals then attempt to extort money from you – either pay them or you’ll never see your files again.  It is estimated that 4,000 ransomware attacks occur each day.  By the end of 2017 global loss will reach $5 billion.

A good preventive measure is an automated backup solution.  However, if you’re using a physical external drive to back up your files, it will most likely be infected with the ransomware, too.  The solution?  An online backup service, which costs a little as 2 dollars a month.  If you aren’t using one – start today.

EMV Is Supposed to Help Eliminate Fraud with Credit Cards… But We’re Not There Yet

(This article originally appeared in Loss Prevention Magazine)

Fraud with credit cards decreased in the UK after the rollout of EMV. So what’s the problem here in the US?

Fraud and cyber security have never been more on the forefront of asset protection professionals’ list of things that keep them up at night than they are today. With the introduction of the EMV chip, we were hoping to get a little bit more sleep at night. However, the EMV isn’t exactly “new” technology; it’s decade old, and the bad guys already can defeat it. EMV was first developed in 1994 as a way to mitigate credit card fraud, but before we get too deep in the issue at hand, let’s start with some basics.

EMV Basics

EMV was originally implemented to try to solve fraud with credit cards and to better protect a customer in the omni-channel environment. EMV stands for Europay, MasterCard, and Visa. EMV cards are typically used in three ways for transactions: smart cards, chip and PIN, or chip and signature. An EMV chip and PIN card creates a unique code for each transaction and (ideally) requires the consumer to enter a personal identification number (PIN) associated with the card instead of relying on a signature. Chip-enabled cards store their information in an integrated circuit as opposed to the magnetic strip that was patented over fifty years ago in 1966. Hopefully, that fact sets the frame for you as to why our old pay methods were so easily pirated by bad actors. To comply with many stores’ legacy systems, the EMV-chipped cards are backward compatible to still use the magnetic strip.

Those who have updated their systems now have customers “dip” or place the card into a reader for a moment of time, and the information is accessed off of the integrated chip. The consumer is then prompted to either include their signature or put in a PIN—hence, chip and PIN or chip and signature. This is meant to alleviate some of the more basic methods of gathering card information like skimming.

The Challenges

Not many associates are familiar enough with your signature to verify that it is yours. The FBI released a survey that basically said EMV (chip and signature) was not going to solve the problem. The United States needs to deploy chip and PIN for EMV to reach its full effectiveness.

Research coming out of the UK shows that after the move to chip and PIN, counterfeit card fraud losses in the UK decreased almost two-thirds from 2005 to 2013. In that same time span, fraud losses from lost or stolen cards decreased over 40 percent. While the result is significant overall, fraud cases increased year over year in other channels.

However, the lessons learned in the UK may not be an accurate representation of how the EMV chip will behave in the US. More than half of all card fraud occurs in the United States. In 2015, the United States was responsible for 47 to 60 percent of the world’s card fraud, while only accounting for 24 to 30 percent of total worldwide card volume. To further obscure the issue, in 2005 there was no buy-online-pick-up-in-store, curbside-pickup, someday-deliver, or other omni-channel program the way they exist today—another reason the UK results probably won’t paint a clear picture.

The other problem is data breaches in the United States. There were about 1,093 data breaches in 2016, about a 40 percent increase from the year prior, according to the Identity Theft Resource Center. The breaches affected data records from the business sector (including retail), the healthcare/medical industry, and the education sector, among others. This is a problem: more info to the bad guys equals more counterfeit cards and IDs. In 2014, over 75 percent of reported data breaches worldwide were reported in North America. Forty-seven percent of fraudulent cross-border transactions on UK debit cards occurred in the United States in 2014. My point is the United States has and will continue to have more fraud than any other country.

In the Loss Prevention Research Council’s fraud working group, we cover EMV and many other topics related to fraud with credit cards. As with most topics, multiple heads are better than one, and it is exceptionally beneficial if those heads also happen to have decades of fraud experience.

A slim security tag is shown inside the pocket of an open wallet.

The World’s First EAS Tag for Leather Goods Just Released by CONTROLTEK

HAYWARD, Calif., (August 10, 2017)CONTROLTEK, an emerging leader in retail product protection, announced the release of the first EAS tag made specifically for small leather goods.  The self-alarming tag dubbed the FlatGuard™ is slim enough to fit inside a wallet and other merchandise too small for classic EAS tags, yet still provides strong visual deterrence and a 90 dB anti-tampering alarm.

“Small leather goods are notoriously difficult to protect,” said Tom Meehan, CONTROLTEK’s Chief Strategy Officer and Chief Information Security Officer.  “They are easily removed off the shelves and hidden in pockets and under clothes.  At CONTROLTEK, we thought it was about time someone tried to solve this problem, so we did it.  Our new FlatGuard is exactly what the name says – a very flat tag that easily fits inside wallets, purses and other similar merchandise.  Since the tag is so slim, it does not detract from the shopping experience.  Inside it has both an EAS ferrite and an anti-tamper alarm.  The FlatGuard is very easy to place on merchandise – much like sliding a credit card in the wallet.  It detaches with a magnetic detacher, and we made that process also very quick and simple in order to make the cashier’s life easy.”

“In keeping with our customer-need-driven innovation process, we showed the prototypes of the FlatGuard to some of our retail partners at NRF Protect and got very positive feedback,” said Steve Sell, CONTROLTEK’s Vice President of Global Sales and Marketing.  “The most common comment was that this is finally something original when it comes to tags, since there is really no other tag on the market with a similar design.  The anti-tamper switch is so simple yet ingenious.  And there are no pins, so no holes are poked in the merchandise.  Best of all, we are able to produce the FlatGuard with high quality materials but still at a price point that makes sense.”

More information about the FlatGuard, along with pictures and a downloadable data sheet, can be obtained at CONTROLTEK’s website.