Secret Service and Homeland Security Warn That 1,000 Businesses May Have Threats of Credit Card Stealing Malware 3184


creditcard

 

The PCI (Payment Card Industry) Council issued a document relating to credit card stealing malware.  The document states that the United States Secret Service and the Department of Homeland Security issued a statement that over 1,000 business could have been affected by malware called “Backoff”.  This malware is typically installed on POS (Point of Sale) systems which are the same systems that you use to swipe your credit card at stores for purchases.  Major breaches are now happening almost weekly (or more often).  The last couple weeks UPS, Dairy Queen, JP Morgan / Chase.  These 1,000 businesses that the US Secret Service and the Department of Homeland Security issued the warning about are most likely businesses that you shop at.  This past June, we wrote an article on how to protect yourself as much as possible on breaches like this.  Because of the the regularity of breaches lately, we thought we would share the information on that article again.

Here is the article we wrote in June.  Keep in mind all of the breaches that have happened just since then.

In the last year, some of the biggest breaches in history have occurred.  The Target breach affected over 70 million people who innocently made purchases at their retail stores.  One of the latest, the Ebay breach, affected all of it’s users when a database was compromised.  Ebay and Paypal users typically have a debit/credit card or checking account associated with their username.  Statistically, nearly HALF of adult Americans have been a victim of some type of fraud.  A comment was recently made to me that it seems like these breaches are becoming less potent because they are happening every day.  The fact that people feel they these breaches are less potent is way too scary.  No matter how often it is happening around the world, when money is taken out of your checking account because your debit card has been compromised, it will seem like a very serious problem.  With all of that said, how do we protect ourselves from this happening to us?  How can we be 100% sure no one will steal our information?

Very simple.  Don’t shop.  Although we’d sure save a ton of money this way, it is definitely not going to happen.  There is no way that you can be 100% sure that your information is safe.  After all, we need to be able to shop freely.  It is evident that there will always be an associated risk when we are not using cash.  I am “that guy” who whips out a credit card when buying a 99 cent chocolate milk at the store.

We will never totally eliminate the risk of our credit card being stolen, but there are some things we can do to reduce the chances.

First, have your debit card shut off or request a new card.  Why?  If you have used your debit card for any purchases at a brick and mortar store or online, those cards are typically stored in that company’s database.  Debit cards are a direct link to your checking / savings account.  If this card number is stolen, they can quickly empty your account causing you to bounce checks or to be stuck without money.  There are many regulations and requirements for merchants on how they store your card numbers safely, but those regulations are not always followed by merchants.  Even when they are, it is not a “cure all” to keep the bad guys from gaining access to them.  These credit card numbers can actually be stolen may times by “sniffing the wire” before they are even stored in the database.  Many of the breaches that have happened recently are due to malware on the Point of Sale systems that are uploading the card numbers to the hackers as you swipe them.  The retailer typically doesn’t realize this for months, which at that time it is too late because they have already had your card number stolen from their system.

Once you receive you receive your new debit card, tuck it away and don’t use it.  Once your debit card is used, it is now “out there”.  Even if you only use that card at one place, you have still produced the risk of your card being stolen simply by putting your card number in someone else’s hands.

 

Use a credit card for everything.  Yes, this goes against what most are thinking.  I’m not talking about racking up huge bills and paying monthly interest on them, but using your card for your daily purchases and paying it off at the end of the month.  The credit cards themselves are not tied directly to your bank account which leaves it much harder for someone to steal all of your money.  It is much less stressful to fight a credit card bill with unauthorized charges than to find out that your actual bank account has been depleted because someone stole your actual debit card number.

 

Never give out more information than you have to. For marketing and other reasons, many places will ask you for information while checking out, such as zip code, email address, phone number, etc.  You are not obligated to give them this information.  Keep your footprint at a minimum, giving as little information as you can.  You will find that this will also keep you from getting as much junk mail in your mailbox as well as reducing spam to your email account.

 

Check your accounts daily.  This sounds cumbersome, but unfortunately, it’s necessary.  Recently, I logged into one of my credit card statements and found a $1 charge to something that didn’t seem to be right.  Along with the charge listed on the statement there was also a phone number.  I called the phone number to find a very odd sounding answering machine with a voice that you could not understand at all.  This definitely did not see legit.  Typically when credit card numbers are stolen from the merchant (store you shop at) those numbers are “verified” before they go on the black market.  The cards that successfully go through a $1 charge are sold more because they are “known good” cards.  If I would not have caught this $1 charge, someone would have had a day or two of fun with my credit card.  I immediately requested a new card.

 

Stop writing checks or at least minimize it.  This is probably one that you haven’t heard of before, but its very true.  Your check contains ALL kinds of information about you.  The routing number and number to your actual  checking account, your full name, and address.  Checks typically lay around until someone is able to deposit them, allowing for employees or other people to take a quick picture or write down your information.  From there, they can open up all kinds of accounts such as “Bill Me Later” which is a credit account that allows people to show online and pay later (of course YOU would then be the one paying).   You may not be in a situation where you can stop writing checks, but at least minimize it as much as you can.

 

In summary, the least amount of footprints that you leave at a store (whether online or shopping local) the less risk you have of falling victim to fraud.  Make your shopping simple.  One credit card equals one account to monitor.  Many of us have multiple debit cards, credit cards, and other accounts which make it nearly impossible to monitor them at the level that is needed

 

For detailed information from the PCI Council regarding the warning that was issue, click here.

 

Picture from smemon on Flickr via ccl 2.0