Sunday, 7 October 2007

Reducing your Risk of Credit Card & Identity Fraud

Here are my 15 tips to help reduce your personal risk of credit card fraud and identity fraud. Oh, and when I say identity fraud/theft, I mean when someone assumes your identity to rack up credit/loans and carry out other fraudulent activity in your name.

1. Invest in a decent shredder. Avoid cheap shredders: they are a false economy, often don’t last long anyway, and can make shredding a real chore. Try to get into the habit of regularly shredding receipts, statements or anything else with financial and personal information.

2. Never ever disclose your PIN number, login details or passwords. Often fraudsters will “confidence trick” by appealing to either greed or fear. For example, if you are told you have won a competition or entry into a free cash draw, but you have never entered the competition, I 99% guarantee it is either a scam or an attempt to collect your personal details for marketing. Just remember there is no such thing as a free lunch. Fraudsters will also use fear to bypass your normal cautious thinking: they often impersonate organisations like your bank or your favourite online auction site, stating they have detected a security breach with your online account and that you must validate your details.

3. Never ever write down passwords, login details or, especially, your Chip & PIN number.

4. Never send card details or bank details by Email, even if a hotel or online shop requests your card details by Email. My golden rule with Email security is: if you would not be happy to write the Email contents on the back of a postcard and post it, you shouldn’t be writing it within an Email, as Email is not a secure medium. Also, when reading your Email, the sender's Email address and name are no guarantee it is from that person or organisation, and of course never accept Email attachments, or click on links within Emails, that you aren’t sure of or expecting.

5. Never let your debit/credit cards or your card details out of your sight when making a transaction in the real world. Unfortunately, low paid shop staff are some of the worst culprits when it comes to card fraud, either collecting card details and selling them on, or committing fraud directly themselves. It only takes them seconds to steal the info from your card.

6. When using Chip and PIN devices or cash machines, use your free hand to shield the number pad as you type in your PIN. This will provide protection against bad guys who “shoulder surf” and against hidden cameras.

7. If you can, avoid divulging your card details by telephone. You don’t know who might be listening, nor can you see the person collecting the details or what they might be doing with them.

8. With online banking, always type in your bank website address directly in the address bar of your web browser. Never click on web links, especially those sent in Emails.

9. At all times, make sure your computer has up-to-date anti-virus software, up-to-date Microsoft Windows patches, anti-spyware and a firewall installed and enabled.

10. When shopping online, make sure the webpage is encrypted before entering any personal and credit card details. Look for a locked golden padlock and “https” at the start of the web site address. You probably wouldn’t give your credit card details to a street trader, right? Well, consider the same approach when shopping online. If a website looks dodgy and you have never heard of the business, you probably should go with your instincts, as you would in the real world.

11. Always check through your statements, and chase up any anomaly you find. Even the smallest unexplained transaction could be a sign of identity theft or account compromise.

12. When filling out forms or being asked for personal information verbally, never be afraid to question what you are supplying, as it is all too easy to go into autopilot. Let’s say someone knocks on your front door promoting a new local car wash, gives you a discount voucher and then proceeds to ask for your name, Email and phone number. Ask yourself why that information is being collected, and question the promoter about what the car wash company will do with it. Don’t be afraid to question organisations as well about how they are going to protect your personal information. Read up on their privacy policies before parting with your personal information, and know what you are letting yourself in for.

13. Always keep your guard up; it's not as easy as it seems. We are all bombarded with requests for our personal information on a daily basis, whether via a street survey or a small opt-in check box on a form. Always try to avoid giving up your personal information unnecessarily; often the people collecting it will sell it on to marketing firms for a profit, or even worse.

14. Keep track of your bills. If you get a credit card statement every month and one doesn’t turn up, chase it up. Also, when you receive a new cheque book, check all the cheques are present. One cheque scam committed by fraudsters is to intercept the mail, open it, steal a couple of cheques from near the back of the book and cash them, before resealing and sending on the cheque book; it's far too late by the time the victim discovers the missing cheques.

15. If you feel particularly concerned that you might be a victim of identity theft, arrange a credit check on yourself to make sure. (I plan another blog around dealing with this at a later date.)

27 comments:

agent0x0 said...

Great post! I would also add to this list shielding your debit/credit cards with an RFID shield. This is a small envelope that you can slide your card into and will protect your card from anyone attempting to clone or conduct a relay attack on your card. The one I recommend is the "Secure Sleeve" by Identity Stronghold (http://www.idstronghold.com/securesleeve.php?s=2)

Dave Whitelegg CISSP said...

Thanks for the comments, did you hear me rambling on Radio 4 lunch time yesterday? I was talking about just that, the new Contactless cards and shielding RF tags!

I'm going to turn this post into a guide and stick it on the website, I'll def. add the Secure Sleeve. Perhaps some good old fashioned tin foil might do the job too, if I get chance, I'll give them both a test.

agent0x0 said...

I would think tin foil has the same effect..just less pretty in your wallet. :)

Anonymous said...

Is emailing a scanned image of a document containing credit card details as risky as just emailing the details as text? How does it compare to faxing the same document?

Dave Whitelegg CISSP said...

You should avoid Emailing your credit card details full stop, either as text or a scanned image. Don't ever let anyone bully you into sending your card details.

Faxing your card details should be completely avoided too. Think about what happens to the fax at the other end, who can read it, how does it get disposed of etc.

Any merchant or retailer who asks for your card details by Email or fax is breaking strict rules set out by the Payment Card Industry (PCI) and can be liable to fines or withdrawal of card services by the likes of Visa and Mastercard, so it's a completely wrong practice.

So if some deskjockey insists on such bad practices, ask to speak with someone senior, then ask him where the organisation stands with PCI compliance.

Humanus said...

Your advice is great but a bit old. More to say, all the passages can be narrowed down to "be accurate and think twice" :)

Samisoomro said...

I review getting good idea and view that written here about life lock they always protect the people and monitor them full time, if you getting more knowledge visit this site, it is updated and quality site I hope you getting good knowledge. http://www.identitytheftprotectionlock.com/

THEOSOFT said...

Thanks for the Template Designs.
http://www.theosoftindia.com

Web design Cochin said...

Thanks for the design idea. Keep writing on such subjects. I shared it with my friends and colleagues. Hats off to you for such a great post.

Building materials Kerala said...

Great post. Thank you for sharing. Keep blogging.

Anonymous said...

A merchant is currently requesting credit/debit card details to be completed on a paper form sent through the post. The form requires the individual to write the 3 digit security code as well. Is this PCI compliant?

Anonymous said...

Is it PCI compliant for a merchant to ask individuals to send credit/debit card number and 3 digit security code on a paper form to be put in the post?

Spa Institute said...

Thank you for sharing such a useful resource.

Dave Whitelegg said...

"is it PCI compliant for a merchant to ask individuals to send credit/debit card number and 3 digit security code on a paper form to be put in the post?"

PCI DSS does not prohibit the paper collection and processing of cardholder data by post. However, such a payment method introduces PCI DSS security requirements and additional risks which the merchant needs to be aware of, therefore I strongly advise against using this outdated method of card payment processing.

For instance, once the customer-completed postal payment forms enter the merchant environment, they need to be handled and treated with the same physical security as if they were cash. So workers opening payment letters containing cardholder information within the mail room would introduce several PCI requirements into that environment. Secondly, once the payment has been processed the payment form must be instantly and securely destroyed, as under PCI DSS, the storage of the 3 digit security code is strictly prohibited post authorisation.

In all there are a number of difficult PCI DSS measures which require meaning within the environment when using postal forms, it is far easier to comply with PCI DSS (and cheaper) and much less risky to use electronic card payment processing. I would recommend using a third party PCI DSS compliant payment processor and so outsource the lion's share of these cumbersome PCI DSS security requirements.

I hope this helps.

dubai apartment hotels said...

Great post, thanks for the Template Designs.

abu dhabi desert safari said...

Thanks for the design idea. Keep writing on such subjects. I shared it with my friends and colleagues. Hats off to you for such a great post.

Dhow Cruise Abu Dhabi said...

Great Post

Attorney Credit Repair said...

Though dumpster diving has lost much of its popularity in stealing personal information, do not count it out yet, for many desperate hooligans still do it. Shred it for them not to be able to steal it.

affordable web design said...

Excellent post!! I read and figure out all that's inside your article. I can see my credit cards security now. Your step by step suggestion is very clear, thanks a lot for posting a very helpful article!

CreditCardAssist said...

I really wish that more credit card companies had real people in the US on the phone lines when you call. It's so frustrating when I can't even understand what the person on the other end of the phone is saying!

computer hardware store said...

You share a great post with us. I such like your content what you may got here. I send your post to all of my friends. So, keep writing.
computer hardware store

web hosting uk said...

The problem here is easily remedied by managing which sites you'd give out your information to.

Plumber Milpitas said...

Done well. I am floored with the calibre of the data presented. I hope that you continue with the fantastic work conducted.

Medical clinics Houston said...

Brilliant exposed you input here. I just noted the crucial idea and tips in the issue of reducing your risk of Credit Card and identity fraud. Thanks!

PCI Compliance said...

Thank you for this post. These days, it's better to be safe than sorry. You must give your card proper protection and security.

Payday Loans said...

liable to fines or withdrawal of card services by the likes of Visa and Mastercard, so it's a completely wrong practice.

shredding Houston said...

Thank you for sharing these helpful tips on how to prevent credit card and identity fraud. This criminal act has become a huge problem to society worldwide. By practicing these tips, individuals can protect their credit card information from being stolen and used by criminals.