Just over a year ago, I put together a simple guide to dodging financial fraud; it quickly became one of the most popular posts on this site. Given some recent cyber events, now seems like a good time for an updated version.
How many times have you replaced your credit or debit card after the number was stolen?
Now how many of those times did you suffer actual harm due to the fraud?
Credit card fraud is frequently in the news - perhaps less now than it was two years ago, but it still remains a hot topic. Between Target, The Home Depot, Sears, Dairy Queen, Wendys, Cici's Pizza, Goodwill, Trump Hotels, Hyatt, Hilton - the list of businesses whose payment systems were breached to steal card numbers goes on and on.
In a widely-circulated news story this week, researchers at UK's Newcastle University discovered a way to collect Visa card numbers without breaching a merchant. Generally speaking, a card number cannot be used online without also knowing the expiration date and the 3- or 4-digit code on the back. Visa's payment network will block repeated attempts to guess the expiration and security code coming from a merchant - but does not detect guessing attempts spread out across many merchants.
The result is, by automatically and systematically generating different versions of security data for a card number, and trying the different combinations across thousands of merchant websites, a malicious hacker can successfully guess the correct combination of account number, expiration date, and security code in just a few seconds.
So what can you do to take credit card fraud off the top of your list of worries?