It’s the time to be an adult time of year.
We’re making out budget, organizing our freelance paperwork, and stepping up our spring cleaning game.
Generally, I don’t like to do things over and over again.
And since we are throwing out everything else this spring, why not throw out fear of identity theft?
I sat down with Gary Miliefsky, an IT/cyber security expert and the CEO of SnoopWall, a cutting edge counter-intelligence technology. Gary Miliefsky also advised the National Infrastructure Advisory Council (NIAC) which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace.
Windy City Cosmo: In reality, how easy is it for someone to steal credit card information online?
With the recent breaches, TJMAXX, Target, Anthem, Home Depot, Sears, Wendy’s and many more it’s very easy and is done by professional cyber-criminal organizations on a regular basis.
Windy City Cosmo: What are some things that consumers should look for, before using their credit card information on a new site (i.e. an app)?
Gary Miliefsky: He invites readers to ask several questions including:
- Who makes the app or e-commerce website?
- Have you found out by using “WHOIS” where they are located?
- Is their hosted in China, Russia, the Ukraine, India, Brazil or some other country far away from the BBB.org or your local law enforcement?
- Do they respond to support requests?
- How good is their English language skills?
- Do they have a telephone number available?
- Do they answer the phone?
- What would you do if you were unsatisfied with an order from this merchant or through their app?
If any of your concerns cannot be addressed – returns policy, support skills, where they are hosted, etc. then don’t shop with them – go to a competitor as there are many and drop their app if you’ve installed it.
Windy City Cosmo: Which method of payment is most secure – PayPal, chip credit cards of Apple Pay, and why?
PayPal is much more secure than people think, but you should use a very strong and unique password that’s difficult to hack.
Chip Credit Cards:
Chip credit cards are the beginning of a new wave in the USA.
It’s really Chip & Pin that works great but that’s a lot for American’s to digest too quickly so they are starting with the Chip.
If you travel to Europe and other places that have been using Chip & Pin for years, you should ask your Credit card company to assign you a Pin for your card.
What happens is when the chip is read, they then confirm your pin is correct as an extra layer of security – this process is not yet enabled in the USA but the chip deployment is starting which helps ensure the real card, not a knock off is present.
Apple Pay has it’s pros and cons. It was exploited immediately upon it’s availability and apple blamed that on users having weak passwords.
There’s malware in both Apple iTunes and Google Play that can eavesdrop on your mobile wallet so this is still a very risky payment method.
Apple Pay and Google Pay: User Experience vs. Security:
Windy City Cosmo: Now that we are moving into the days of Google Pay and Apple Pay, where phones hold are credit card information, what are the added risks for credit card information being hacked?
Gary Miliefsky: It’s high risk. None of these ‘wallet’ vendors seem to care about security and privacy as much as ‘ease of use’ and ‘user experience’.
I can demonstrate breaking into Apple Pay, Google Pay, Samsung and LoopPay wallets and stealing credentials in seconds just with simple Flashlight and Bible apps.
The reason is that these kinds of apps get permission to use the Camera and Wifi for example, so when a user enters data (takes a picture of their credit card to upload to the smartphone wallet) it’s already being eavesdropped and shipped covertly to cyber criminals in other Nation states.
Windy City Cosmo: Are chip credit cards unhackable?
Chips are harder to hack…but it’s not impossible, in fact, look:
- Video Explainer: How Criminals Can Easily Hack Your Chip & PIN Card
- How a criminal ring defeated the secure chip-and-PIN credit cards
- X-Ray Scans Expose an Ingenious Chip-and-Pin Card Hack
It’s harder and takes more work but nothing is impossible to hack.
Windy City Cosmo: How have the use of smartphones made it harder to protect our credit card data and personal information?
What can we do to safeguard that information?
Smartphones have Bluetooth, wifi, NFC, 3g/4g LTE for networks and have webcam, microphone, keyboard and touch screen for input and can be eavesdropped on all of these ports and protocols.
You need an ENCRYPTED wallet and you need MULTI-FACTOR authentication.
If you are going to risk it, do the following:
- Clean up all the apps – remove them, the one’s you don’t use every day.
- Pay for apps that guarantee privacy or use NO NETWORK CONNECTIVITY– for example, many of the top free Bible apps are spyware – some connecting to servers in Russia, but a paid for Bible that’s not an app but a readable book with no internet connectivity is not going to spy on you – no network access means no spying. That’s safer to have on your phone if you are going to use it for mobile commerce or as a mobile wallet.
- Turn off all the wireless protocols like Bluetooth, NFC, Wifi and only use 3G/4G for online commerce – it’s much safer. If you use a mobile wallet only turn on NFC when it’s asking for it then turn it back off quickly.If you follow these four best practices tips I’ve come up with, you’ll be much safer.
What to Do When You Are a Victim of Identity Theft:
If you do become a victim of identity theft, Gary Miliefsky has tips to help you.