Archive | February 2017

10 Steps to Safer and Secure(r) ATM Transactions


The advent of Europay | Mastercard | Visa (EMV) cards in North America has caused a whole bunch of confusion regarding the security of credit and debit card transactions. The ability to further secure a transaction with encryption, PINs and other controls has reduced risk for some transactions, but done little for others.

And many EMV cards in the United States still have a magnetic stripe, which makes them vulnerable to the same old-fashioned fraud and theft we’ve been dealing with for years. Much of this is made possible with skimming devices.

ATM “skimmers” have become cheap, effective and highly available. These criminal devices have created new risks for those of us who try to minimize direct, face-to-face human interaction or prefer to deal in cold, hard cash.

The reality is, you can’t always avoid using an ATM or point-of-sale device.

Most people don’t realize it, but using an ATM can still be a risky activity. And while it’s true that more banks are robbed online than in-person today, there are some simple steps you can take to make your banking transactions safer and more secure.

  1. Select an ATM at a bank, in a well-lit area. Do not use ATMs in hotels, convenience stores, malls or remote areas. Make your ATM trips during the day during high traffic periods. Use a drive-through if possible; your vehicle provides additional security and an effective escape route.
  2. If access to the ATM requires unlocking a door with a card, use a different card than what you’re about to use at the ATM. Any card with a magnetic stripe will work – use your library card or something with no value. Don’t use a card that stores your personal information in the magnetic stripe.
  3. Before swiping or inserting your card – check the ATM. Wiggle the card reader and the PIN pad – they should not move at all. Look for anything else that looks out of place, like attachments, unidentified boxes or cameras or other modifications.
  4. Insert or swipe your card. Use your hand to cover the keypad when you enter your PIN. The idea is to block visibility by people behind you or cameras near the ATM.
  5. Make sure your PIN is random – not your birthday or anything else you’ve posted on social media. Change it once per year, or whenever you think it may have been compromised.
  6. Conduct your transaction. Know what you want before you get there so you don’t have to waste time at the ATM. Avoid multiple, time-consuming withdrawals that could keep you there longer than necessary.
  7. “Get off the X.” Don’t count your money at the ATM – even if there is an error you can’t do anything about it there anyway. Check your surroundings and maintain situational awareness. Move with a purpose.
  8. Report any problems to the bank that owns the ATM.
  9. Check your bank statement – it should match your receipts and ATM activity.
  10. Remember that gas pumps, car washes and other payment terminals are just as vulnerable to compromise as ATMs! Use these same steps – and some common sense to reduce your risk of problems.

If you’re curious about what’s actually stored on your credit cards, driver’s licenses and other cards with magnetic stripes, check out Wikipedia for more information.

Don’t Get Sacked, Don’t Get Hacked

The NFL’s biggest game – and one of the largest sporting events on the planet – is just days away, offering millions the chance to be entertained for a few hours. Fans will be glued to their television sets to experience the drama, the competition and the showmanship. Will they be thinking about cyber threats? Probably not. But, surprisingly, business owners can learn some valuable lessons about cybersecurity from the Super Bowl.

The NFL is a business. And like many businesses, it works with a massive ecosystem of outside companies to deliver its product to the people. Thousands of third-party vendors – from the rented stadium, ticket sellers and HVAC-system providers, to the retailers and halftime show techs – are required to produce the show. Unprotected third-party vendors provide a path of least resistance for cybercriminals to sneak through the digital back door, potentially compromising safety, leaving data unprotected and creating havoc for organizations.

While 71 percent of companies feel confident their security activities are effective, only 32 percent require third parties to comply with their policies, according to the most recent PwC Global State of Information Security Survey. Furthermore, the study found that third-party security incidents are on the rise. In the past two years alone, the number of companies attacked rose from 20 to 28 percent.

Having a plan to deal with vendors is important, but it’s just one of the lessons to be learned from the Super Bowl. Here are five takeaways about cybersecurity every business owner can score from the big game:

  1. Offense is easier than defense: Defense has an impossible job on the field. It can’t possibly prepare for every play the offense runs. As the old adage says, “The best defense is a good offense.” Business owners that arm their companies with a strategic offense will be less vulnerable to cyber attacks than those who are constantly trying to play defense against a multitude of threats. Remember: the bad guys only have to be right once to take down their targets.
  2. It’s a people game: Technology takes center stage in the big game. Massive video walls, anti-concussion helmets and interactive capabilities allowing fans to order a hot dog from their seats are all part of the experience. But the reality is, the game is won or lost by people. Companies that become distracted by cyber defense technologies may erroneously believe they are safe from an attack. As long as the human element is involved, risk exists.
  3. Winning takes continuous effort: Like football, cybersecurity requires work. While the Super Bowl is the punctuation mark on the season, both teams traveled a long, tough road to reach the championship. You have to play well for all four quarters. In business, it’s tempting to believe that purchasing a firewall on any given Sunday and throwing it in a rack provides adequate protection. The fact is, cybersecurity and the management of cyber risks are never done.
  4. Protect your assets: In a football game, there are only two things worth protecting: the quarterback and the football. The team that does the best job safeguarding these two assets wins. Likewise, in the business world, companies must identify their “quarterbacks and footballs.” Bank accounts, credit cards, identities, intellectual property and reputation are the five critical assets that need protection, and should be where all the energy is focused.
  5. Teamwork: Businesses typically focus on their core competencies and outsource functions like payroll, banking, logistics and other specialized skills. As mentioned earlier, these third-party relationships can unwittingly pose a cyber threat by leaving the digital backdoor wide open. Organizations working with third-party vendors should clearly spell out their position on cybersecurity in all contracts and require regular audits for compliance.

Unfortunately, cyber attacks are not a matter of “if,” but “when.” Like quarterbacks, all companies will eventually get hit. The key to survival is being able to mitigate the damage and recover. Technology alone, like helmets and padding for players, is not enough to protect you on game day.

Now about those $12 hot dogs.

Check out the original article I wrote for Security magazine here:
