Latest blog Posts

The Unsinkable Titanic!

by Len Luckie 1203 days ago

“In the unlikely event…”

You have heard, “In the unlikely event… but not the rest of the important words to follow, because you’ve simply tuned out after the first part during a pre-take-off safety demonstration on an airplane, or during a pre-departure life boat drill on a cruise ship.  After all, it’s an unlikely event, so do you really need that life jacket? You were probably also thinking, “Never mind, I’ll sort it out later, (while I’m lining up with the rest of the panic-stricken passengers).”

“I don’t need an alarm system…”

You have probably heard a friend say, “I don’t need an alarm system for my house, because I always keep my doors locked. Besides, there’s nothing worth stealing.”

It’s sad how quickly that rationalization turns to self-pity after the house has been emptied by burglars, who also managed to take the most valuable possession that can’t be measured by money…“that feeling of security”.

“Don’t worry, you’re not liable…”

Credit card issuers keep telling their clients, “Don’t worry, you’re not liable for any illegal transactions as a result of your card’s data being stolen.” The fact is, we are all paying for illegal transactions, because the loss is simply covered by the fees and interest rates charged to the card holders. In addition, merchants are charged fees for each sales transaction… and they must pay for the card readers. So, let’s correct that misconception: The credit card issuer is the only party not liable for illegal transactions.

“You don’t need an RFID Shield…”

Credit and debit card issuers state, “You don’t need an RFID Shield for their chip cards because they are secure, especially the “contactless” chip cards.”  (A “contactless” chip card has a built-in antenna allowing the card be flashed at a terminal to complete the sales transaction without using a PIN).  The fact is, a “contactless” chip card can be read by a fraudster while the card is still in your wallet. So, why not use an RFID Shield?

“We’re not allowed to purchase RFID Shields…”

It appears that credit and debit card issuers have been putting pressure on the banks not to provide RFID Shields with their “contactless “chip cards and not to make them available to their clients who already have the cards.  We asked a key employee at one of the banks why this was happening and the answer was, “We are not allowed to purchase RFID Shields because our card issuer believes it sets a tone that their cards are not secure.” Another bank ordered 250,000 shields, but for the same reason, were not permitted to put any text on them regarding their intended RFID-blocking ability.

Back to the Titanic!

Design changes were made during the building of the Titanic to eliminate weight.  It was also felt that the original 48 lifeboats, enough for everyone onboard, would make the passengers feel a bit uneasy regarding the safety of the ship. So, the lifeboats were cut back to 20, only enough for 38% of the passengers when the ship was at full capacity.  This was deemed to be more than adequate since only 16 lifeboats were required based on the regulations in place at the time.  The Titanic was being built to be unsinkable anyway.

We all realize that a debit or credit card is not a ship… and certainly not the Titanic. However, security is the common issue here and it should be above the provider’s perception of what is adequate when more can be done.  I think we can all agree that extra lifeboats would have been appreciated!

The Price of Hacked Credit and Debit Cards

by Len Luckie 1238 days ago

What’s it worth to you?

Credit and debit cards with a chip and antenna allow you to simply wave a card at an RFID (Radio Frequency Identification) reader to complete a transaction without using a PIN.  The transaction’s amount is usually limited to $50 (more for some cards), which is convenient at a gas pump, grocery store or fast food restaurant.  Unfortunately, it also allows a thief to use a concealed card reader to steal information stored on the card’s chip while the card is still in your wallet or purse. It’s “electronic pick-pocketing”.

You might say, “It’s only $50 or $100 so who would want to bother stealing my card’s information?”  However, the stolen information is distributed through the Internet to organized crime.  The card is usually cloned by the thousands in a matter of days and spread like a virus internationally, all without the need of your PIN… and without your knowledge that your card has been compromised until it’s too late.

Credit card issuers claim that there is no liability to you for any illegal transactions as a result of the card’s data being stolen.  In effect, there is no cost to you.  Wrong! We all pay for criminal activities, particularly for theft through illegal purchases made on our credit and debit cards by the thieves who steal our card data.  The cost is simply built into the fees and interest rates. In addition, any amount of stolen data is too much.  It’s your private information. It belongs to you and you alone… until it is stolen and sold to others who will use it for their own illegal gains.

What’s it worth to thieves?

Thieves can buy and sell credit and debit card details through the black market for as little as $2 per card* and this is just for the basic information found on the card. That’s one of the reasons why this form of “electronic pick-pocketing” got started and there is so little risk of being caught. Cloned credit cards can sell for as little as $180 per card on the black market.  Machines for cloning credit cards can be bought for $200 to $1,000. The thieves who buy the cloned cards go on a shopping spree using each card for purchases under the set limit whereby a PIN is not required… and until the card is eventually refused at an RFID reader or the would-be purchaser is challenged by a retail clerk.

Of course, additional data can only be obtained through hacking into a database of credit or debit card accounts.  An example is the recent cyber-attack on Target Store’s credit card accounts. This involves a higher risk for a hacker, but with so much more stolen information the price goes up to $80 per card record if a thief wants a verification of the available credit limit or the bank balance. The price can jump to $700 if the “guaranteed balance is more than $80,000… and as high as $1,500 per card if the stolen record has a history of e-commerce purchases.  That alone sets the stage for a huge on-line shopping spree.  Now you know what it is worth to thieves.

* $2 per card and other amounts per card were obtained from “The Cyber Crime Black Market Uncovered”, a report written by Luis Corrons, technical advisor of Panda Security. Luis Corrons is on the Board of Directors of AMTSO (Anti-Malware Testing Standards Organization).  Luis Corrons is also reported to be one of the top 10 security experts followed on Twitter.

RFID Technology and Your Smart Card

by Len Luckie 1614 days ago

 

RFID technology… the good… and the bad.

Some people are still not aware that their new credit and debit cards may be at risk of a new type of identity theft. These new “smart cards” are now using Radio Frequency Identification (RFID) chips with a built-in antenna. They don’t need to be swiped through a card reader. You can just waive them in front of a smart card reader at some coffee shops, grocery stores or gas stations and the card reader automatically picks up your card’s information using radio waves.

These cards are typically identified with payWave, PayPass, or the radio wave symbol printed on them.  This RFID technology has the potential to make paying for things easier and to shorten line-ups at stores, but it also creates an easy way for savvy thieves to steal your credit card number along with the expiration date.

Credit card companies fail to appreciate the risk.

The official position of credit and debit card issuers is this: Even if a thief does manage to steal your card number, there’s not much risk that he can do anything with it.  That’s because RFID smart cards transmit an encrypted, one-time security code alongside the card number and expiration date to authenticate each transaction.  However, some hackers say it's easy to circumvent that system by deploying what's called a “replay attack”: A fraudster simply scans the RFID card dozens of times in a public place in a matter of seconds, capturing the security codes that the card transmits. A cloned card is then programmed to "replay" those codes at a store's payment terminal. The credit card company will only catch on to the fraud when the real cardholder tries to make a subsequent purchase with a security code that has already been used by the scammer.

In addition, I haven’t found a credit card company executive who is willing to give his or her credit card number and expiration date to me… and I can be trusted with this private information!  Regrettably, there are so many savvy thieves out there honing their skills in credit and debit card fraud and now RFID technology is just one more tool for them to exploit.  Electronic pick pocketing has been demonstrated quite well in various news reports.  At a minimum, these reports corroborate the vulnerability of RFID technology and how it allows thieves to steal private information from anyone in a crowd without even touching the victim’s wallet or purse.

There’s confusion at the banks!

Here is what happened at three of the top five banks in Canada during our research:

One bank’s customer service representative told me not to worry about my (RFID-enabled) debit card that I have already been using, saying to me that a thief can’t scan it, because the antenna hasn’t been activated yet.  That’s the answer I received after been put on hold for several minutes while he discussed this security concern with his supervisor.  That representative and his supervisor either did not know about RFID technology, or they intentionally gave me a false statement about the chip’s capabilities. Here’s why: The chip’s antenna does not have to be activated.  It is passive and it is always ready to give up its number and expiration date to any friendly or unfriendly RFID reader.

I specifically asked a customer service representative at another bank for a protective sleeve to prevent my credit card from being scanned by a thief.  She happily gave me not one, but two envelopes printed with “Bank Card Protector” and some cautionary text about protecting the card’s magnetic stripe.  What friendly service! Unfortunately there was no aluminium alloy (or any other metal) in the protective envelope to prevent RFID scanning.  I really don’t think she knew anything about RFID technology.

The third bank in my research took me by complete surprise!  They actually had the RFID-blocking envelopes that I was trying to find, but this particular bank didn’t print anything on them except their logo.  The employees had no knowledge of their RFID-blocking capability. They knew only that they are to be given to clients who ask for a protective sleeve for their credit or debit cards.

Here’s what CommuniMax is doing for your clients and you:

CommuniMax Direct is an authorized agent and distributor for RFID Shield Envelopes. The unique design of these envelopes includes a layer of polyvinyl for strength and a layer of aluminium alloy that protects against the detection of credit and debit card information…  in effect, protecting a consumer’s privacy.

Our RFID Shield Envelopes can be printed with your logo, telephone number and website address… a reminder that you are there for your clients every time they use their credit or debit cards. That’s the kind of frequency and exposure your advertising message needs!

Call us today for details!

 

Smart Cards and their contactless feature

by Len Luckie 1819 days ago

 

Smart Cards and their new contactless feature

Here’s what the new credit and debit cards do for you

The addition of a passive antenna in a debit or credit card allows you to simply wave your card in front of an RFID (Radio Frequency Identification) reader.  It’s the card’s new “contactless” feature.  There’s no swiping, inserting, signing, or PIN needed to make any purchase under a set amount.  The amount can be from $50 to $200 per transaction depending on the limit authorized by the card issuer.

Here’s what the new credit and debit cards do for thieves

The RFID technology allows thieves to use a concealed card reader to steal information stored on your card’s chip while the card is still in your wallet or purse!

The stolen card number and expiration date is distributed through the Internet to organized crime members.  The card is usually cloned by the thousands in a matter of days and spread like a virus internationally.  This is all done without your knowledge that your card has been compromised until it’s too late… and remember if you don’t need to use your PIN for contactless transactions, neither do the thieves who now have several clones of your card.

Here’s a look at both sides of the new feature

Card Issuer:  It is secure… one of the most secure contactless payment solutions available today.

Card Holder:  If it is secure, then why are thieves able to scan and steal the information  from a debit or credit card while it is still in someone’s wallet or purse?

Card Issuer:  If you do not want the contactless feature, call the number on the back of the card or visit a branch near you to deactivate it.

Card Holder:  Why offer to remove the feature if it’s not a problem?

Card Issuer:  If your card is lost or stolen, you pay nothing for the fraudulent purchases.

Card Holder:  Credit and debit card fraud is considered by some to be a victimless crime since the “big banks” are the ultimate target and card holders won’t be liable for the fraudulent charges.  However, these fraudulent charges do indeed get passed along to all cardholders and bank clients through high interest rates and bank fees… and what about the inconvenience of having to replace a card that’s been compromised?

 

Here’s what CommuniMax is doing for your clients and you

CommuniMax Direct is an authorized agent and distributor for RFID Shield Envelopes*. The unique design of these multi-ply laminate envelopes includes a layer of polyvinyl for strength and a layer of aluminium that protects against the detection and cloning of credit and debit card numbers.

Our RFID Shield Envelopes meet US Federal Government Standards.  (FIPS 201 approved.)  In fact, all US passport cards are now issued with these specific envelopes.

* Provides a security barrier at 13.56MHz and 860-980MHz.

Our RFID Shield Envelopes can be printed with your logo, telephone number and website address… a reminder that you are there for your clients every time they use their credit or debit cards. That’s the kind of frequency and exposure your advertising message needs!

Call us today for details!

Your bucket is leaking!

by Len Luckie 1904 days ago

All businesses have some form of a marketing strategy to acquire new clients. However, it’s inevitable that they will lose clients at some point. Unfortunately the common reaction is to concentrate only on the task of getting new clients to replace the lost business… and so, the cycle continues.

Stop! It’s time to look at your business as you would a “leaking bucket”. You can keep pouring new clients into the top, but what are you doing to stop your current clients from reaching that hole in the bottom of the bucket? What are you doing to find out why some of your clients have fallen through the hole and to get them back into the bucket?

 

Here’s how! Focus on just three main strategies:

  1. Acquire new clients.  Understand your target market and the trends affecting its growth or demise. Then develop a measurable marketing strategy to maximize new business opportunities and sales growth.
  2. Maintain current clients.  You’ve worked hard to attract new clients and it’s an expensive process, so it makes sense to take care of them once you’re got them. That means communicating with them and adjusting products and services to meet their specific needs. Forget about them and they will forget about you!
  3. Reactivate ex-clients. Some where along the line you didn’t meet certain clients’ expectations.  It’s your job to find out why and to correct any inefficiency.  Ask your ex-clients for help in making your business a better place so that they may return some day.

It’s time to take care of your leaking bucket.  It’s time to call CommuniMax Direct!

Confirmation Required
Confirmation Required