
Over the past 5 years, a scam known as electronic funds transfers at the point of sale (EFTPOS) or skimming has been prevalent. Consumers commonly swipe both credit and debit cards through the in-store machines to pay for goods and services, and hackers have been adept at coming up with ways to skim those customer cards.

In one such case, Romanian hackers were indicted on charges of remotely accessing hundreds of small businesses’ POS systems and stealing enough credit card data to rack up fraudulent charges totaling over $3 million. The hackers’ targets included more than 150 Subway restaurant franchises and at least 50 smaller retailers.

SC Magazine reports: “An Eastern European criminal syndicate has hacked into a small Australian business and stolen details of half a million credit cards from the company’s network.” In both cases, the syndicate captured credit card details using keyloggers installed within Point of Sale (POS) terminals and siphoned the data through an insecure, open Microsoft Remote Desktop Protocol (RDP) connection. The syndicate found its victims by scanning the internet for vulnerable POS terminals.

Card skimming is just one of many ways that cybercriminals obtain access to stolen identities. And what happens once they have this information? They begin hitting many of the major brand websites to purchase products that are commonly found in our homes and offices. How can retailers, ticketing companies, gaming sites and credit issuers protect their businesses and customers from fraudulent transactions?

Many start by identifying the device being used to access their website through advanced device identification technology. Is it a computer, laptop, tablet, mobile phone or another Internet-enabled device? Is that a device that is already known to iovation’s cybercrime intelligence network? If so, has it been involved in fraudulent or abusive activities in the past? Oftentimes, known bad devices have a history of credit card fraud, identity theft, account takeover attempts and other abuses. If the device comes back clean, is it related to other known bad devices?

iovation also helps its clients understand the web of associations between related devices, which helps businesses identify and shut down entire fraud rings. Lastly, online businesses run their highly customized business rules as the transaction or activity is attempted. Many of iovation’s clients have more than 100 business rules on their site that help them assess risk in real time. These business rules can trigger on factors including velocity, device anomalies, proxy use, age of the device-to-account association, and more.

Last week at the Merchant Risk Council Platinum Meeting in Seattle, iovation demonstrated its ReputationManager 360 fraud prevention service and showed, in simple terms, what happens during a real-time device reputation check.


There are few pseudo holiday celebration days or months that truly get my attention. But National Cyber Security Awareness Month definitely does! It’s the one month a year that consumers are consistently reminded by news reporters, government agencies, non-profits and security companies that security is everyone’s responsibility.  All of us need to take actions to protect our personal security, our nation’s critical infrastructure and be good digital citizens.

The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cyber security awareness and education for all digital citizens, partnered with McAfee on a new survey to examine U.S. residents’ online safety posture.  The findings reveal a substantial disconnect between our respective online security perceptions and our actual practices while on the Internet. The online safety survey shows that all of us can increase our efforts to make the Internet safer in light of such notable statistics:

90% of Americans agree that a safe and secure Internet is crucial to our nation’s economic security

50% say their job is dependent on a safe and secure Internet and 79% say losing Internet access for 48 consecutive hours would be disruptive

90% of us do not feel completely safe from viruses, malware and hackers while on the Internet

25% of us have been notified by a business, online service provider or organization that our personally identifiable information (e.g. password, credit card number, email address, etc.) was lost or compromised because of a data breach

This data shows that Americans can improve their online safety practices in a number of areas, especially when it comes to accessing the Internet from their personal devices. We can all increase our online safety practices by starting with these simple ways to stay safe online:

Keep your machine clean
Use up-to-date comprehensive security software and use the latest versions of your Web browser, and operating systems.

Own your online presence
When available, set the privacy and security settings on websites to your comfort level for information sharing—it’s good practice to limit who you share information with.

Make passwords long, strong and unique
Use a combination of upper and lowercase letters, numbers and symbols to create a more secure password, and don’t use the same password for all your sites.

Protect all your devices that connect to the Internet
Along with your PC, make sure to protect your Macs, smartphones, tablets and other Internet-enabled devices.

Connect with care
Get savvy about Wi-Fi hotspots and the potential risks of using them. Also, when banking and shopping, check to be sure the site’s security is enabled.

Robert Siciliano is an Online Security Evangelist to McAfee. 

Contactless technology offers many benefits, including faster and easier transactions, versatility to be incorporated into various personal devices including mobile phones, and improved data security over the magnetic stripe technology.

According to the Smart Card Alliance, “Contactless smart card technology includes strong security features optimized for applications involving payment and identities. Every day tens of millions of people around the world safely use contactless technology in their passports, identity cards and transit fare cards for secure, fast and convenient transactions. Multiple layers of security protect these transactions, making them safe for consumers and merchants. Some of these features are in the contactless smart card chip and some are in the same networks that protect traditional credit and debit card transactions.”

Nicely put.

Contactless technology improves data security in several potential scenarios.

ATM skimming: It’s difficult to skim a card that doesn’t actually come into physical contact with the reader. With the old magnetic stripe cards, a card must be physically swiped through a reader device. These point-of-sale readers are found in retail environments, gas stations, and on ATMs. Countless skimming devices installed by criminals have been found in all of these environments.

Data breaches: In recent years, there have been hundreds of data breaches resulting in the loss or theft of more than a half billion records. Companies whose databases have been compromised have spent or lost millions of dollars as a result of these breaches. Contactless payment methods incorporating chip and PIN technology encrypt data to prevent it from being read in plain text.

Lost cards: If your wallet is stolen or you lose a credit card, it is highly probable that a thief will take advantage of the opportunity to rack up charges on your magnetic stripe credit card. A contactless chip and PIN card, on the other hand, can’t be used by just anyone, since any transaction requires a PIN.

So there you have it. These are just a few of the security benefits offered by contactless technology.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 

Phishing, where a scammer sends an email that appears to come from a trusted source in order to trick recipients into clicking malicious links, has been around for quite a while now. Although phishing has become fairly well known, the scam continues to be a successful and widely used method of stealing bank credentials and other personal information.

Cyber security experts recently reported to the House Financial Services panel that criminals have tweaked their phishing tactics. Until recently, most phishing messages purported to be from a bank. But in the latest versions of this scam, the phony emails claim to be from the National Automated Clearing House Association, the Electronic Federal Tax Payment System, the U.S. Postal Service, private delivery firms, telecommunications companies and social networking websites.

According to testimony from the Financial Services Information Sharing and Analysis Center, phishing “remains the most popular attack method that criminals use to infect victims’ machines.”

To protect yourself from phishing scams, malware, and identity theft, follow these guidelines adapted from the Anti-Phishing Working Group:

  1. Be suspicious of any email that demands personal financial information. Call your bank directly to determine if they legitimately need information from you.
  2. Certain red flags can help you spot a phish, such as upsetting or exciting statements designed to elicit an immediate reaction.
  3. Phishing messages typically ask for usernames, passwords, credit card numbers, Social Security numbers, your date of birth, or other similar personal details.
  4. If you suspect that an email or chat message may not be authentic, or you don’t recognize the sender, do not click any links included in the message.
  5. If possible, avoid filling out any form within an email that requires you to enter personal financial data.
  6. Consider installing a toolbar in your Web browser to help protect you from fraudulent websites. These toolbars compare online addresses against lists of known phishing websites and will alert you before it’s too late.
  7. The latest versions of Internet Explorer, Chrome, and Firefox include optional anti-phishing protection.
  8. Check your bank, credit, and debit account statements regularly for any unauthorized transactions.
  9. If you notice any suspicious or unfamiliar transactions, contact your bank and/or card issuer immediately.
  10. Make sure to keep your browser up-to-date and install any necessary security patches.

Banks can help protect their customers by using iovation’s ReputationManager 360, which helps businesses avoid fraud loss by detecting high-risk behavior and stopping cybercriminals in their tracks. The device identification and device reputation technology from iovation assesses risk as activities take place at various points within an online site, such as account creation, logging in, updating account information, attempting a purchase or transferring funds. These checks can be customized and fine-tuned to suit the needs of a particular business, detecting fraudulent and risky behavior in order to identify and block cybercriminals for good.

As contactless technology embeds itself into the fabric of everyday transactions all over the world, numerous industries are fine-tuning integration of this latest payment technology into their operations.

Employee Badges: Organizations all over the world are using contactless technology to verify individuals’ authenticity before granting access to a restricted facility, computer system, or electronic device.

For example, a government employee might be required to use a “proximity” card in order to enter a secure facility. Where that employee might have once swiped a magnetic stripe card through a reader, she can now use a contactless card that is more secure and allows her to pass through the access control gate more efficiently.

Or a financial institution might have employees processing sensitive client information. If an employee steps away from his computer for a coffee break, a proximity device he is wearing might trigger his computer to perform a system lockdown until he returns.

Public Transportation: Planes, trains, buses, automobiles, and even shared bicycle services are implementing some form of contactless technology. In fact, multiple citywide transportation services now employ contactless payment methods and many more are making the move to contactless, allowing riders to carry one less card in their wallets by effectively rolling the transit card into the bankcard.

Your local retailers: Before you know it, most, if not all, of your payment cards will offer a contactless option. And once mobile companies and handset providers hash out the best and most efficient way to use mobile payment via contactless on your mobile phone, we will see thousands of mobile payment applications for every possible retailer emerge.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 

According to a McAfee and Guardian Analytics report dubbed “Operation High Roller,” an international ring of cybercriminals has been attacking banks around the world. They have been siphoning roughly $78 million from bank accounts in Colombia, Germany, Italy, the Netherlands, the United Kingdom and the U.S.

In the report, McAfee Director of Advanced Research and Threat Intelligence Dave Marcus writes that this organized crime ring, building on tactics established with previous malware, is coming up with innovations including: “bypasses for physical ‘chip and pin’ authentication, automated ‘mule’ account databases, server-based fraudulent transactions, and attempted transfers to mule business accounts as high as €100,000 (US$130,000).”

These hackers’ methodology represents a shift from traditional man-in-the-browser attacks on victims’ PCs to server-side automated attacks. Where they once used multipurpose botnets, they now rely on dedicated servers built for the express purpose of processing fraudulent transactions.

Like most financial fraud rings, this one had previously focused on European targets, but McAfee found that their thefts have gone global, spreading to Latin America and more recently to the U.S.

This threat impacts commercial accounts, high-net-worth individuals, and financial institutions of all sizes. The new methodology allows criminals to operate more quickly and to attempt a wider variety of transactions. It is a purpose-built, multiple-strategy approach that helps the criminals’ servers avoid detection, which keeps them live for longer, facilitating even more fraud.

Consumers can begin to protect themselves with antivirus, anti-spyware, anti-phishing, and firewall protection.

Banks and other financial institutions can improve their fraud detection rates even more by incorporating device reputation management into their layered defense. Many leading financial institutions use iovation’s ReputationManager 360 to help stop new account fraud, detect fraud at user login, detect fraudulent credit applications and also to stop check deposit fraud from mobile phones.

“Contactless” refers to technology embedded in a personal device — typically a mobile phone, key fob, credit card, or access card — that transmits your data to another device from a distance of a few inches in order to complete a transaction.

Transactions involving data transfer have traditionally involved plastic cards with a magnetic stripe or some type of a bar code. And while these technologies remain commonly used, the migration to contactless is well underway, for a number of reasons:

  1. Contactless tends to be a more secure data transfer method. Classic credit cards often contain sensitive yet unencrypted data, stored in plain text in magnetic stripes that can be compromised by various skimming devices.
  2. Contactless technology can handle more data. Devices equipped for contactless transactions contain a small chip, which stores user data and has a vastly greater capacity than a traditional magnetic stripe.
  3. Contactless technology is far more versatile than the payment technology it replaces. Relying on a plastic card and magnetic stripe limits your transaction options, whereas contactless technology can be used to store data in a variety of different devices, from a plastic card to a mobile phone to just about any type of product.
  4. Contactless transactions are more convenient. We’re all accustomed to producing one card or another to make a purchase or access a restricted building or other area. But carrying all those cards around requires a wallet. And frankly, wallets are cumbersome and bulky. I long for the day when my mobile phone is the only device I need, containing everything I need to get anywhere and buy anything.

When your bank, employer, or local public transportation system rolls out contactless technology, embrace it. Before long, it will without a doubt be the preferred method for the majority of our daily transactions.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 

Despite what you may assume, most celebrities and other extremely wealthy individuals do not relish living in a fish bowl, with every move scrutinized. While some certainly do flaunt their wealth, the vast majority do not want you dropping by their home or following them into the bathroom.

The average people who post their whereabouts online, constantly update their status, or list themselves in the phone book generally have nothing to hide. But in a celebrity-obsessed culture, the rich and famous are frequently stalked or harassed, and, since their personal data is so readily available, their identities are more likely to be stolen.

Every seemingly innocuous personal detail available to a criminal can be used to obtain more information, until that criminal has developed a full profile of the potential victim. A series of little crumbs ultimately leads to a loaf of bread.

The solution is called “security through obscurity.” Now, that statement might mean something different in certain circles, but in this case it means that the best way to secure your identity is to hide, buried in the abyss of the Internet, under assumed names, behind a corporate identity. This doesn’t mean using a stolen identity, but rather creating a corporate alias.

Once you have established a corporation, which is not difficult, you can operate under the business’ name to apply for credit, set up utilities, purchase property, and execute most other transactions. Or you might continue using your own name, but obfuscate your role by listing yourself as a low-level employee instead of CEO.

Regardless of the methods you may use to obscure your identity, you cannot hide your device reputation. Unless you rely exclusively on cash for every transaction and never access the Internet, your computer, smartphone, or tablet has an established online reputation. This is a good thing because it validates your transactions without having to go into your personal details. For example, if you use a corporate credit card to make an online purchase, the retailer can use device reputation technology to analyze the device’s level of risk and determine whether it has a history of fraudulent behavior.

If a retailer is using iovation’s ReputationManager 360, they will know immediately when a customer is attempting to make a purchase with a laptop masking its real location, and if it has been involved in fraud in the past at other iovation-protected businesses. This transaction can be routed to a manual review queue proactively in real-time, giving businesses a chance to prevent losses before they occur.
