What is a Card Skimmer?
A skimmer is a device employed by a fraudster that is designed to steal a victim’s plastic card information. That information is then used to produce a counterfeit card that can be used to defraud you! Skimmers are still commonly used and are responsible for more than a billion dollars in fraud per year!
Skimmers can take many forms and have become astonishingly sophisticated in recent years. Here are some examples:
Wait… Won’t Chip-Based Cards Solve this Problem?
The short answer is “not at first.” Skimmers work by reading the magnetic stripe on your cards, and those stripes aren’t going anywhere for a while. The so-called “mag stripe” is still there for backward compatibility purposes. Until every merchant, ATM, gas pump and POS device are chip compatible, we need the stripe.
How Do I Spot a Skimmer?
How Do Avoid this kind of Fraud?
- Always carefully inspect the gas pump or ATM before using it. If there are multiple devices, look for differences between them.
- Don’t let your card leave your sight if you can help it. Any time a server or someone takes your card out of your sight, you are at risk of being skimmed.
- Minimize ATM use. If you need cash, take out enough so that you don’t have to keep going back.
- Avoid using sketchy looking, hidden or poorly lit ATMs altogether.
- Cover the keypad with your other hand when entering your PIN.
- Use our Mobile Banking and MobiMoney apps to monitor your account closely and report suspicious transactions to our Call Center at 816-504-2800 as soon as possible. For more information, visit us at https://www.publicsafetycu.org.
On September 7, 2017, credit reporting agency, Equifax, reported a major cybersecurity incident that resulted in the compromise of personal data for at least 143 million consumers. Here’s what you need to know:
How do I know if I am affected?
- Virtually all financial institutions, including Public Safety Credit Union, report loan information to Equifax, so it is likely that many of our members are affected.
- You can go to https://www.equifaxsecurity2017.com/ to see if you have been affected..
What type of information was potentially compromised?.
- Equifax reports that name, social security number, birth date, address information and possibly drivers’ license data were compromised.
- Equifax has NOT indicated that Credit Union account numbers were compromised.
- Additionally, credit card numbers were compromised for about 200,000 consumers. This will likely only affect members that had provided their credit card directly to Equifax for services, such as credit monitoring, etc.
.What can I do to limit my risk?.
- Keep a close eye on your accounts using GKCPSCU’s mobile banking and Mobimoney apps. Vigilance is the best weapon.
- Use alerts in our online banking system to keep you in-the-know when activity occurs on your account.
- Make sure your contact information is current with the Credit Union, so you don’t miss any alerts or messages from us.
- Go to www.annualcreditreport.com to check your own credit report. You can do this for free one time a year.
- If you have paid for services directly from Equifax, you may want to have your credit card blocked and re-issued.
- You may want to consider a credit monitoring service. Equifax is offering free monitoring service to consumers, whether or not they have been impacted by this breach. Please note that there are many credit monitoring services, and the Credit Union does not endorse any one over another.
- You may also want to consider placing a security freeze on your credit report. This will NOT guarantee protection from fraud, but it will reduce the likelihood of a fraudster applying for credit in your name. Keep in mind, it will also keep YOU from applying from credit until you unfreeze your report.
9/7/17 Additional comment
Ransomware has been a prominent threat to the security of both organizations and individuals for several years, but has just recently become more common and more commonly discussed in the popular press. It sounds like something out of a movie plot, but it is the real deal. Over the two years, numerous large-scale ransomware attacks have infected computers all over the world, affecting personal computers and tablets at home, as well as large corporate networks. Sony, HBO, FedEx and many other companies have been affected by recent ransomware attacks, just to name a few.
What is Ransomware?
Ransomware is a type of malicious software or malware designed to prevent users from accessing their systems or data unless a ransom is paid. Some ransomware attacks will encrypt data found on a device; others may simply deploy a “lock screen” that prevents the user from accessing their system at all. Personal ransomware attacks may involve capturing embarrassing video or images through a device’s built-in cameras and extorting the user in exchange for not releasing the images on social media. These attacks can come from clicking links on malicious websites, spam emails or other types of exploits that take advantage of unpatched systems. Once a system is infected, the malware may attempt to propagate itself throughout a network, encrypting files along the way. Ransom demands usually involve making payment in the form of digital currencies, such as Ukash and Bitcoin, which can be used anonymously.
How to Prevent Being a Victim of Ransomware
Here are several recommended steps you can take to protect yourself from potential ransomware attacks:
- Be extremely cautious when opening email attachments or clicking on links which seem unusual or unsolicited. Hackers may even send emails that appear to be from people you really do know. If the tone or wording seems off, or if there’s an odd attachment, delete it!
- Update Your Windows Computers: Microsoft releases Windows patches frequently. Be sure to configure your “Windows Update” settings (found in the Control Panel) to automatically install patches as soon as they are available.
- Install and Maintain Antivirus Software
Use a good commercial antivirus system, such as Symantec, Kaspersky or TrendMicro on all of your devices, including tablets and phones. Remember, however, that your antivirus software won’t do you any good if it’s not kept up-to-date. Make any updates as soon as they are released.
- Disable cameras
Disable all web cameras when not using them, either by unplugging them physically, or covering them with a bit of masking tape if they are built into the device. Do not assume that turning them off via software settings will prevent hackers from turning them back on and capturing information that may be used to extort you.
- Backup Your Data
Data backups are perhaps the most effective defense against ransomware. Be sure to backup data to a flash drive or other system that is separate and inaccessible by your device. If you leave that flash drive plugged in, a hacker may simply delete or encrypt it as well. Be sure to test your backup media periodically to make sure you can restore your information if need be.
- Contain Viruses
If you believe your computer has been infected, disconnect it from any home or business network to prevent spreading the malware and seek help from a qualified technical professional.
For members of the Greater KC Public Safety Credit Union:
- User Name. With our new online banking system, you can define your own user name. Choose wisely! Don’t select an easy to guess name like “bill_and_wanda”. Instead choose something like “dogcatmilwaukee44”. Usernames can be up to 20 characters.
- Use LONG complex passwords. They don’t have to be hard to remember or random. Use phrases if that is helpful. For example, don’t try to remember “Mg7&53jfi!”. Instead try something like “wewenttoDenverlastsummer2011”.
- Challenge questions. Do NOT select a question/answer combination that is commonly known. I recommend memorizing answers that are not the correct answer to the question. For example, if the question is “in what city were you born”, instead of the actual answer, you might choose something like “applesauce”. Guessing security question answers are a common way to hack accounts.
- Don’t let your computer remember your password. Just not a great idea. Avoid this for better security.
- Current Contact Info. Make sure the Credit Union has your correct contact info so we can alert you when suspicious activity occurs. In Online Banking, click the “Contact Information” menu button to see the contact info that the Credit Union has on file for you.
- Use Alerts! Our online banking system will allow you to receive an alert every time anyone logs into your account, but you have to enable it.
To do that in online banking,
- Click the “Messages & Alerts” menu item.
- Click “Manage Alerts”
- Click the slider button to turn on “Login Alert”
- Then click the “Login Alert” link and choose whether you’d rather receive an email or text alert.
- While you’re in the alerts menu, look around and enable any other alerts that may help you manage and secure your accounts! I recommend enabling the following:
- Secure Message Alert
- Change in Contact Info Alert
- Login Credential Change Alert
- Avoid accessing online banking from public computers and wi-fi networks. Sometimes it’s hard to avoid, but when you can, avoid using other people’s equipment to access your accounts. If you do find it necessary, I recommend changing your passwords (and even your username) afterwards.
- Enable “Challenge Question Each Login”. In online banking, click “Additional Services” from the menu and click the slider button to enable this feature. Once enabled, you will be prompted to answer one of your challenge questions every time you login to Online Banking.
- Use One-Time PIN Authentication. If you really want to lock down your accounts, click “Additional Services” from the menu and click the slider button to enable this feature. Once enabled, you will have to enter an emailed PIN each time you login.
- Periodically check event logs. It’s a good idea to check your built-in event log periodically to make sure nothing looks suspicious to you, especially if you have reason to believe you’ve been hacked. To see it in Online Banking, click the “Settings” menu item, and then “Event Logs”.
Let us know if you have questions about any of these security measures!