Physical Data Theft: Explained

DATA THEFT PROTECTING YOUR DATA FROM PHYSICAL THEFT SAFE B ANK. 732 23 JON RICHMAN 12/26 In 2018, credit and debit card fraud resulted in losses of nearly $28 billion SKIMMING & SHIMMING HOW IT WORKS Scammers collect payment card data to create a spoofed card Skimmers Device is attached over the card reader on an ATM or gas pump When a customer slides their card, the magstripe data is copied Shimmers Thin device slips inside a card reader slot to collect chip data GETTING MORE EXTREME Can only copy limited data – the same card info as magstripe skimmers In 2013 two entirely fake ATMS were found in Brazil installed on top of existing Surveillance A skimmer or shimmer alone won't get scammers the data they need machines A hidden camera or number pad overlay are often used to collect PINS in addition to card data Consisted of a disassembled laptop and card reader Complete with a display, PIN pad, and a 36 connection to collect the A SINGLE STOLEN CREDIT OR ADD BANK ACCOUNT DEBIT CARD NUMBER SELLS 3X ) INFO AND THE FOR $5 ON THE DARK WEB VALUES TRIPLES harvested data PROTECTING YOUR CARD DATA Look For Red Flags Choose The Right ATM Hide Your PIN Watch For Fraud Alerts Go to a busy street or indoor ATM for greater security If your bank reaches out to about potential fraud, responding quickly is the best way to protect yourself Loose pieces, mismatch materials, or obscured markings Cover your hand to avoid a hidden camera could be a sign the device has stealing your PIN been tampered with WILL CHIP CARDS STOP SKIMMERS? From 2015 to 2018, merchants who switched to chip readers saw a In 2019 Drop in counterfeit payments by 76% 99% <5% Drop in counterfeit payments nationwide by 49% of U.S. payments were made on chip cards of Americans are concerned about the security of their chip card CHIP CARDS Even with a shimmer, scammers can only can be hacked, but it's MUCH HARDER TO COLLECT CHIP DATA en masse than skimming magstripes – and - therefore less profitable recreate a magstripe card NOT a chip card BANK By October 2020 all brick-and-mortar merchants will be required to use chip transactions – or be liable for any fraud that results 2378 3892 4640 IMAN Without a chip, skimmed cards are mostly limited to card - not present (CNP) transactions. But, skimmed cards also lack a CVV2 – making them unusable in many online stores And financial institutions are constantly improving fraud detection Not All Chips Are Equal In the U.S. chip card offer more security, but they're still not as secure as the chip-and-PIN authentication used throughout Europe – Only a few card issuers in the U.S. offer chip-and-PIN cards ACCIDENT LOSS AND DEVICE THEFT ARE THE BIGGEST PHYSICAL THREATS TO YOUR DATA In 2017, Nearly 1 in 5 data security incidents involved device theft or loss DEVICE LOSS & THEFT HOW IT WORKS Laptop theft costs businesses more than 8X more than just replacing the device 25% OF LAPTOPS ARE STOLEN Mobile devices store sensitive data like FROM THE OFFICE OR A CAR passwords and account numbers If a device is lost or stolen that data, thieves can easily gain access 14% ARE LOST IN AIRPORTS OR ON AIRPLANES In 2006, a laptop and external hard drive were stolen from the home of a Veterans Affairs employee GIVING THIEVES ACCESS TO UNENCRYPTED PRIVATE DATA 26.5 million names, social 25% security numbers, and birthdates ARE 2.6 million disability rating – including health information RECOVERED HOW TO PROTECT YOUR DEVICES PHYSICALLY SECURE YOUR LAPTOP SECURE YOUR SENSITIVE DATA KEEP UNUSED CONNECTIONS TURNED OFF Always use a password and lock screen Keep laptops in a locked Turn off Bluetooth and WiFi office or use a cable lock when not using them Don't leave your Don't set your device to be discoverable Don't store sensitive data devices unattended on mobile devices SECURING YOUR DATA AFTER LOSS OR THEFT 01101001010100 1010101 AFTER YOUR PHONE GOES MISSING, YOU CAN STILL ACT TO SECURE YOUR DATA 11010010101010 010101001001 0101010101010101101 1010110100 Use "Find my phone" to locate the device 101001010100 1010101 101010100101010100 If you can't recover it quickly, remotely wipe the drive 0101010100110 010101011001010101 1001010101100 010110011011010101010 ASSUME YOUR 0101010101 1010101010101 ACCOUNTS AND PASSWORDS ARE COMPROMISED 1001010110 010101010101010001 1010001010 Login to your accounts and change all passwords stored on that device 11010101011010 101011001010 Contact your financial institutions to alert them to possible fraud 10101010100100 001001010001 Report the loss to the police – even if your device can't be recovered, a police report will help if you need to dispute fraudulent charges 10101010101010010101| 1101011001010 0101010101010 1001010001 THE FUTURE OF PHYSICAL DATA SECURITY A NEW THREAT: "JUICE JACKING" Criminals can load malware onto USB charging stations and cables left in public places – locking your device or sending data and passwords to the scammer While security professionals have demonstrated the threat is real, there's no evidence it has become widespread What you can do Opt for an A/C adapter instead of public USB chargers Watch for pop-ups asking if your connection is secure – these indicate the charger you're using can transfer more than just power ADVANCED SECURITY Contactless Payments SmartMetric Credit Card USB Hard Drives 40% of Visa transactions in the U.S. Requires the cardholder's fingerprint to use chip, magstripe, or contactless payments – So no one else can use your card If you need to secure and mobile storage for sensitive data, try a flash drive or external hard drive with advanced encryption were contactless in 2018 These services tokenize your payment data so skimmers can't get any reusable data: Apple Pay, Samsung Pay, Android Pay Offers no additional protections against skimming or fraudulent CNP transactions Advanced security features include PIN protection, fingerprint scanners, and tamper-evident construction As data security grows more advanced, so do scammers ACT QUICKLY TO PROTECT YOUR DATA Sources epic.org/privacy/vatheft techradar.com/news/best-secure-drives krebsonsecurity.com/all-about-skimmers technology.pitt.edu/security/physical-security-breaches snopes.com/fact-check/juice-jacking-real-security-issue creditcards.com/credit-card-news/emv-chip-card-slow-1701.php enterprise.verizon.com/resources/reports/BIR 2018 popcenter.asu.edu/sites/default/files/library/crisp/Laptop-theft.pdf enterprise.verizon.com/resources/reports/: creditcardinsider.com/learn/chin-and-sidnature-chin pcmag.com/article/328010/how.to c ignature-chip-and-pin-emv-cards creditcards.com/credit-card-news/which-us-issuers-offer-chip-and-pin-card.php cybintsolutions.com/data- usa.visa.com/VISsA12/17225554/credit-card-sid tapping to pe.com A COMPUTER SCIENCE_ DEGREE HUB DEVELOPED BY Report.pdf N NOWSOURCING 2016 Report.pdf -to-spot-and-avoid-credit-card-skimmers breaches- /blog/bdp/2018/11/14/ta y-they-happen-and-, isab-04LA.html heverge.com/2018/4/1 securitymagazine.com/ usa.visa.com/visa-everywhere/blog/bdp/2019/05/28/chip-technology-helps-1559068467332.html digitalcameraworld.com/news/verbatim-fingerprint-secure-hard-drive-protects-and-encrypts-your-data consumerreports.org/cro/2014/04/5-steps-to-protect-your-smart-phone-against-theft-or-loss/index.htm businesswire.com/news/home/20191205005661/en/ŚmartMetric-Biometric-Credit-Cards-Card-Fraud-Losses experian.com/blogs/ask-experian/heres-how-much-your-personal-information-is-selling-for-on-the-dark-web ing com/articles/85041-brazilian-authorities-discouing-companies-pin-emv-chip -discover-real-atm-behind-a-fake-one %24