First things first, if you haven't yet seen the video from Dr. Phil where the teenage utters the phrase 'Cash me ousside, howbow dah' that's storming the internet, please look it up. Otherwise this blog title makes no sense. And you deserve a good laugh.Okay, now back to business.Recently the 2017 Identity Fraud Study
by Javelin Strategy & Research was released. What the report finds, may make your stomach, and your wallet churn.
According to the report, the number of identity fraud victims increased by 16 percent, rising to 15.4 million U.S. consumers, in the last year.Javelin found fraudsters successfully adapted to net two million more victims this year, with the amount taken rising by nearly one billion dollars to $16 billion.Likewise, the data pointed to the increase in EMV cards and terminals as a catalyst for driving thieves to shift to fraudulently opening new accounts.A key finding states, “Driven by closing opportunities for point-of-sale fraud and the growth of e- and m-commerce, fraudsters are increasingly moving online, dramatically increasing the prevalence of Card Not Present (CNP) fraud by 40 percent. Meanwhile incidence of fraud at the point-of-sale (POS) remained essentially unchanged from 2014 and 2015 levels.”Card Not Present fraud
is “a type of credit card scam in which the customer does not physically present the card to the merchant during the fraudulent transaction. Card-not-present fraud can occur with transactions that are conducted online or over the phone.”The report went further to details the different types of ‘consumer personas,’ including those they classify as ‘digitally connected consumers.’I can safely say that I fall into this category, and would guess that many Cybrarians do as well.In the report, Digitally Connected Consumers are defined as consumers who “have extensive social network activity, frequently shop online or with mobile devices, and are quick to adopt new digital technologies. Twenty-five percent of these consumers used a P2P payment service in the past week. Digitally connected consumers have a presence on an average of 4.9 social networks, are predominantly female... This also exposes them to greater risks, a 30 percent higher risk of fraud.”P2P, or Peer-to-peer payment services include but are not limited to, PayPal, GoogleWallet, Venmo, SquareCash, and those conducted via social media including money transfer by Facebook and SnapCash by SnapChat.My personal favorite is Venmo, which uses a linked credit card, debit card or checking account to use the service. Consumers can charge friends or receive payments that can then be stored as a Venmo Balance for use at a later date or cashed out immediately to a bank account.It’s convenient to use and provides a social networking aspect in which you can see what your friends are paying one another for. I’ve begun to realize that this openness could be part of the danger.So, I’ve done some digging as to whether or not this app is safe.
First, it’s important to recognize that Google Wallet, PayPal, Venmo, and Square Cash are Payment Card Industry Data Security Standard compliant. This provides layers of digital transaction security.That’s a good start.In looking at Venmo specifically, the organization's website has a Scam Tracker feature where people can report potential fraud to the Better Business Bureau. That tracker reported in 2016 only seven U.S. instances of possible fraud involving Venmo. A Google search will tell you that there are media reports and personal stories on message boards like Reddit about reversed transactions.Taking my investigation a step further, I visited the Venmo Security Page, and while there is an email for support, there is no phone number listed. One strike against their customer service, which has also been questioned across the web.Josh Criscoe, head of corporate affairs and communications at Venmo, said that the app should only be used with people users know and trust.It is important to note that Venmo, in accordance with their usage policy does disclose: “Venmo is designed for payments between friends and people who trust each other. Avoid payments to people you don't know, especially if it involves a sale for goods and services (like event tickets and Craigslist items). These payments are potentially high risk, and you could lose your money without getting what you paid for. Venmo does not offer buyer or seller protection. Business usage of Venmo requires an application and explicit authorization. For more information, please see section C(1)(b) of our User Agreement.”Further digging told me Venmo uses bank-level security and data encryption to protect users against unauthorized transactions, and allows users to set up a PIN code for mobile application use for additional security. When account information is comprised, users will only be liable for $50 worth of losses, provided Venmo is contacted within two business days.Like many apps, it seems that a lot of the responsibility for keeping one’s information safe falls on the user.And, as the use of mobile payment apps continues to grow, it will be more imperative than ever to practice smart online consumerism.
A Forrester prediction states that, “by 2019, U.S. mobile-based payments will reach $142 billion, a huge step from the $52 billion in volume in 2014. And, has been estimated that by 2017 the global mobile payments industry will reach $1 trillion.”Randy Vanderhoof, executive director of the Smart Card Alliance, agrees that consumers must become more vigilant than think about changing their habits."What I tell people is to dedicate a credit card for online shopping and a credit card for purchases at physical stores. It’s much easier to track the fraud that way," Vanderhoof explains. "People also need to be aware that if they use a debit card
in the store, there is more of a risk because if they are subject to fraud, the money comes right out of their checking account. With credit cards, there are some more protections."Because I know I won’t stop using money transfer apps any time soon, and I doubt you will either, I’ve put together a list of 7 Tips for Protecting your Money Transfers.Protected Transfers= Protected Money = Protected Identity= Happy Consumer
- Be smart on social media: We’ve heard this plenty of times. And while it’s doubtful you’ll put your credit card out there, be weary of other information such as your birthday that can be used for verification purposes.
- Exercise good password habits: Just a friendly reminder. Use a different password for each account. You don’t want one compromise to lead to multiple others.
- Choose a money transfer site with 2 factor authentication: If an app is PCI DSS compliant, it will have security measures like this.
- Don’t exchange money with strangers: Only use apps like venmo with your friends. For Craigslist purchases, etc. use a more secure method for purchases.
- Regularly check your transaction history: Regularly should pretty much mean daily. The quicker you noticed something is up, the quicker you can report it.
- Report fraudulent charges ASAP: The sooner things are report, the sooner they can get resolved. Hopefully it doesn’t have to come to this!
- Earn your PCI/DSS Cybrary Micro Certification: Nothing better protects your identity than being an informed consumer.
Gaining the ability to examine different types of attacks targeting cardholder data, knowledge of the procedures to thwart those attackers and ultimately building and maintaining a secure network are paramount for everyone, in every industry.The PCI/DSS Micro Certification Course
covers the critical end user function of PCI compliance, incorporating various aspects of risk management within 6 control objectives. New: Cybrary's comprehensive PCI/DSS course.
Take steps to securing your identity today. If you haven’t already, use code OBLOG50 for half off your next Cybrary Micro Certification Exam.Olivia Lynch (Cybrary_Olivia)
is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.