PC Speak: Abney Associates Tech Blog, Peter Hoss: Skritt å ta for å bo trygt på Internett

Det blir stadig vanskeligere å leve uten Internett. Vi oppfordres til å kjøpe produkter, betale regninger, lagre og hente informasjon på nettet. Telefonkataloger blir foreldet. Flere eldre kjøper og bruker en rekke hånd gjennomført produkter kan ikke bare ta telefonsamtaler, men også å lagre en mengde av privat personlig informasjon.

Vi seniorer vokser ikke med Internett og ofte er ikke dyktigere i å bruke den. Vi søker ofte veiledning fra våre barnebarn. Vi må lære et nytt språk på datamaskinen snakke. Denne voksende trenden av Internett-bruk er trolig fortsette raskere enn vi seniorer kan holde tritt med den. Avslår å bruke Internett på alle er ikke anbefalt, selv om noen prøver den. Vi er også sannsynlig å bli igjen i en raskt skiftende kultur.

Svindlere har tatt full nytte av Internett. Pensjonister er en ettertraktet mål vokste opp i en mer tillitsfullt alder, som de fleste forretninger var utført av mennesker snakker med mennesker, i stedet for fremmede starter kontakter over Internett. Svindlere har holdt opp med teknologien, og har blitt jevnere og mer kreative.

Den gode nyheten for vi seniorer er imidlertid at nesten alle Internett-svindel kan unngås av sunn fornuft, reagerer rasjonelt i stedet for følelsesmessig, og følge noen enkle regler. Ved å leve et langt liv har vi forhåpentligvis perfeksjonert disse trekkene.

Nylig kom jeg over 2010 Reader's Digest artikkelen oppsummerer noen vanlige svindel og hvordan unngå dem. Jeg ble truffet av bemerker at disse svindel fortsatt vanligvis brukes. Folk må fortsatt falle for dem. Reglene for å unngå dem er ikke endret.

Her er noen eksempler:

Barnebarn i problemer eller turist ranet i utlandet. Vinne et lotteri som du ikke kjøpe en billett. En "gratis prøveversjon tilbud" som forplikter deg til å signere en kontrakt. Et tilbud om å lindre en av interesse på kredittkort. En utlending, ofte nigerianske, som eiendeler er frosset av en korrupt regjering eller banken som trenger en amerikansk partner. Falske veldedige organisasjoner. En falsk elsker ofte fra utlandet som trenger penger til å bli utsatt. Falske byråer. Falske hjemmet reparasjoner. En e-post som inviterer en til å sjekke noe eller kunngjør en salgsmulighet ved å klikke på en kobling, angivelig være fra en kjent person med e-postadressen er piratkopiert. Et tilbud for noe for ingenting eller en høy økonomisk avkastning for ingen risiko.

Det er bemerkelsesverdig enkle regler for å unngå alle disse svindel:

Vis alle uønsket e-post fra en fremmed med ekstrem mistenksomhet. Sjelden eller aldri, har noen mistet noe av bare ikke svarer. Kontroller kilden uavhengig. Ikke svarer på e-post sende meldingen men kontakt påståtte avsenderen via telefon eller en annen e-post. Kjent barnebarnet problemer eller ranet i utlandet en svindel kan noen ganger unngås ved sondering oppringeren ved å spørre personlige spørsmål. Husk imidlertid at en scam artist kan få personlig informasjon ved å hacke inn i Facebook eller andre sosiale medier. Sikrere praksis er ikke å svare, kontroller kilden uavhengig. Aldri gi et kredittkort, debetkort, personnummer. eller bank rutenummeret for alle via Internett med mindre du har igangsatt forespørselen. Dette er bare en invitasjon for identitetstyveri eller rense ut de bankkonto. Aldri Klikk på en kobling sendt via e-post til kilden er bekreftet uavhengig.

Svindlere bruker ofte Western Union som en uvitende deltaker i en svindel, fordi det er en rask metode for overføring av midler. Jeg vet om tilfeller der kunnskapsrik og hjelpsom Western Union operatører har luktet en svindel og snakket en ville være offer av den.

Ikke anta at personopplysninger på Facebook eller sosiale medier vil forbli privat.

Jeg vet jeg kan høres ut som en knust rekord Gjenta dette rådet, men svindel gå og folk holder fallende for dem. Det ville være fint å leve i en idyllisk verden der alle kan klareres, men dessverre vi ikke.

Peter T. Hoss er en pensjonert advokat og rådgiver for juridiske tjenester for eldre.

PC Speak: Abney Associates Tech Blog Indisk FB brukernes havne i hacking egne kontoer

Noen Facebook-brukere i India ble lurt inn hacking sine egne kontoer av en lurendreier hevder å avsløre passord av deres venner.

Svindel kompromittert brukerkontoen ved å lure dem til å bruke noen kode som tar kontroll over kontoen og eksponerer sine venners data i prosessen.

"Hva skjer egentlig når du limer inn denne koden i nettleservinduet konsollen er at en rekke handlinger utføres med Facebook-kontoen din uten din viten.

"Bak kulissene, brukes kontoen lister og brukere og gi liker sider for å blåse tilhenger og som teller definert av svindlere," forklarte Satnam Narang, sikkerhet svar manager for Symantec i et blogginnlegg.

Svindel benytter en instruksjons-video forklare "Facebook Hacking", som lenker til et Google-dokument som inneholder noen kode.

Koden tillater brukere å se venners Facebook passord, ifølge svindlere, instruksjonene forsøker å overbevise brukeren om å lime inn koden i deres nettleser konsollvindu. Instruksjonene forklarer at koden vil ta to timer å arbeide.

I virkeligheten utfører koden handlinger i bakgrunnen ved hjelp av den potensielle hacker Facebook-konto, inkludert etter visse brukere og like sider. Ingen tvil blir svindlere betalt for å kunstig blåse tilhenger eller som teller for noen brukere og sider.

PC Speak: Abney Associates Tech Blog Være proaktiv om kreditt etter brudd

Consumers need to pay much closer attention to their statements and charges.

(Photo: Thinkstock)

(Usatoday) - Mike Rosinski, 51, vet ikke hvordan en rekke bedragerisak spenner fra så lite som $3.19 for noen merkelig antrekk i Missouri til $434.10 på en yngel er elektronikk i en annen stat havnet treffer sin Visa-kortet i midten av April.

Kanskje han spekulert at det var da en parkeringsplass dreng tok sitt kredittkort, hevdet det var ikke går gjennom og så sa han kunne parkere gratis? Kanskje det var noe relatert til får hacket i målet hendelsen sent i 2013, men det synes tvilsomt som han allerede er utstedt et nytt kort etter at en.

Uansett, Rosinski, som bor i Hartland, Mich., sa han mener forbrukere trenger å ta hensyn til deres uttalelser og kostnader. Han kontrollerer sin balanserer regelmessig, men hans kone fikk ringe fra kortutstederen om mistenkelig aktivitet. Han fulgte opp direkte med kortutsteder, som Ja, skal sende ham ennå en annen ny kredittkortnummer.

Som mange forbrukere som ikke ønsker å håndtere noen nummer flere av problemene med å få et nytt kort, Rosinski bare ønsker mer kan gjøres for å stoppe skurkene før de gjør gebyrene. Jada, han er fornøyd at utstederen hadde et system for å oppdage svindel raskt, men hva med noen lagt å sette en stopper for hacking?

Vi ser mer svindel avgifter eller er vi bare mer klar over at svindlere jobber overtid for å få våre kredittkort eller debetkort informasjonen? Det kan være litt av begge, sier ekspertene. Svindel kan være økende delvis siste fordi det er så mange betydelige sikkerhetsbrudd sa Adam Levin, leder og medstifter av ID tyveri 911.

Et sikkerhetsbrudd fant sted i Michaels butikker og sitt datterselskap Aaron Brothers. Skjedde mellom 8 mai 2013, og Jan 27 Michaels butikker og kan ha truffet 2,6 millioner forbrukere eller 7% av transaksjoner i denne perioden. På Aaron Brothers, 26 juni 2013 og 2014, Feb. 27, og kan ha truffet 400.000 forbrukere.

Bransjeeksperter si det er mange måter noen kortinformasjon kan bli svekket, fra en rogue ansatte bruker en skimming enhet til en forbruker å phishing e-post til skadelig programvare installeres på et point-of-sale system i en butikk. Cyber-angrep kan være svært avansert og kriminelle er ofte ut av landet.

Noen andre svindel omfatte det som kalles "micropayment svindel ordninger" som belaste ditt gjentatte ganger for små beløp for rogue Internett apotek, falskt anti-virus programvare, smykker eller veske kjøpe klubber, og online gambling.

Brudd har ansporet et push for bedrageri teknologi og utvidet bruk av microchip kort som gir mer sikkerhet enn magnetstriper. Målet sa at neste år vil utstede chip og pin-kort for sin Redcard merket kredittkort og debetkort.

Akkurat nå, skjønt, forfjamset av brudd og anekdotisk informasjon på bedragerisak må alle mer forsiktige og mer villige til å bruke tid går online daglig eller ukentlig spore kostnader på en konto.

"Handlingen viktigste forbruker kan gjøre er overvåke kontoen tett," sa Teresa Thornton, senior vice president og direktør for svindel tjenester for banken Comerica.

En slektning, som leser sine regninger, fortalte meg om en $49.77 kostnad som ble gjort på sin konto i Mexico i April. Var det tilkoplet, kanskje en annen svindel en måned tidligere når han ser en falsk $11.18 kostnad fra en såkalt "BLS WebLearn" på hans kontoutskrift?

Mannen min onkel varslet umiddelbart hans kredittkortutstederen om $11.18 kostnader og han fikk beskjed om ikke å betale den. Men et nytt kort ikke var utstedt rett deretter. Kanskje skal man ha vært å hindre senere svindel kostnader. Noen ganger svindlere starter med små kostnader å sjekke om et tall er "live" og kan brukes til å foreta større innkjøp. Eller svindlerne fortsette å lage flere falske små kostnader bare for å holde svindel kommer.

Vaktbikkje området kalt "Krebs på sikkerhet" rapportert på BLS svindel i slutten av mars. En ny utslett av falske kostnader for ulike mengder, for eksempel $10.37 eller $12.96, ble rapportert av forbrukere. Tillegget kan også referere til PLI Weblearn.

Hjernen Krebs, forfatter av "Krebs på sikkerhet" har informert forbrukerne til å rapportere slik svindel umiddelbart til kortutsteder. Han sa det er også en god idé å be om et nytt kort selv om banken ikke foreslår et nytt kort på stedet. Tross alt, hvis noen har kortnummeret, er oddsen bra at flere svindel avgifter, stor eller liten, kan fortsette.

Beverly Harzog, en kredittkort ekspert og forfatter av "Confessions av en kreditt narkoman," sa forbrukerne ikke bør rettferdig vente på setninger. De bør også spore deres kort aktivitet online eller via mobile banktjenester så ofte som de kan. Ved lov, kredittkort ofre kan bare være ansvarlig for opp til $50 men mange utstedere ha ikke null ansvar i tilfelle svindel.

Bankene tilbyr også mobile varsler at forbrukerne kan konfigurere varsler dem til bestemte typer kontoaktivitet, inkludert transaksjoner.

Gitt, kan det være en hassle å faktisk gå kredittkortnummer, spesielt hvis du har strømregninga eller det gym medlemskapet automatisk trekkes fra kredittkortet. Når endringene, må du varsle selskapet som tar en automatisk utbetaling så du ikke treffer med ekstra sent avgifter eller avgifter for ubesvarte betalinger.

Likevel sa Levin noen forbrukere vil kanskje å kort nummer endre hvis de oppdager mer enn én eller to svindel kostnader.

"Det har aldri vondt for å være proaktiv og enda litt paranoid," sa Levin.

PC Speak: Abney Associates Tech Blog: What Can Go Wrong When Firms Use Your IP Address Against Fraud

All the worries stirred up by the Heartbleed security flaw highlight why it makes good sense to take precautions with personal data. But sometimes companies erect security barriers so high that they shut out even their own clients.

I recently went online to our Schwab account and requested a wire transfer. After a delay and a second request, followed by verification by telephone, several days passed without any money transfer.

Schwab then said: “In order to complete your request please go to one of our branches and bring a picture ID with you.” In a follow up call, an agent explained that the company grew suspicious based on a computer IP address — the identifying number given to a computing device — that did not match the location they expected.

I had logged in from home, but I was using a secure browser called Authentic8 Silo which masked my location (I’ve recently written about secure browsers here). I turned to experts to learn more about what had happened.

“I am surprised that mainstream companies are relying on that as a security measure, because I think the mechanism is incredibly brittle,” said Scott Petry, Authentic8’s co-founder and CEO. “If you go and travel around, it’s standard operating procedure for you to be picking up different IPs in different regions.”

Yet Schwab is far from alone in its practices. Security experts say companies routinely scope out your IP address whenever you visit their websites.

“Using IP address to prevent fraud and risky web activity is a widespread practice and you can expect almost everybody from online stores to social networks to banks are doing it,” said TJ Mather, president of MaxMind, which offers companies IP intelligence and online fraud prevention tools.

In the last five to eight years, companies have increasingly employed “confidence ranking” filters in which IP address and other data helps them set fraud alerts, said Mark Bregman, chief technology officer at Neustar which helps firms with IT security.

“Companies use a variety of methods for fraud detection, including browser header information, confirming account registration data matches, cookies, device finger printing, and for mobile users, device location,” he said. “This multi-tiered approach is appropriate because each method has its weakness. For repeat customers, companies will look for consistent behavior and information.”

Added Mather: “Session analysis is also used to do things like looking at the web pages a user navigated through before logging in or looking at the time users take to perform certain actions to identify anomalous behavior.”

Despite several phone calls and days of delay, Schwab remained suspicious and kept the account frozen. A traditional signed letter sent by mail did not assuage those fears. Only a visit to a Schwab office, even if one does not live in a town with a Schwab office, would resolve the issue, they said.

“We sincerely regret that certain circumstances that require a client to provide verification within a branch office may cause some inconvenience, but it’s a measure we sometimes have to take for the client’s own protection,” said Sarah Bulgatz, a Schwab spokeswoman.

Of course companies must take security precautions to prevent fraud. Yet in the future I expect that more people will turn to VPNs and secure browsers that provide websites less information– as users take more control over the flow of their own data. So IP address checks may become ever less accurate.

As for Schwab, it took several hours to travel to and from its office to prove that their warning flags had misfired. Because other banks and brokers rely on similar techniques, it is possible the same set of circumstances could have happened with them. Yet  the episode had soured the relationship. Perhaps somewhat impetuously, on Friday, we liquidated the account.

Alienating clients is not inevitable, especially if companies adopt better fraud detection methods. Chip Witt, director of product management, enterprise & OEM at security company Webroot, suggests two-factor authentication is ultimately the best approach for Internet security.

“Client certificates are a more efficient way to identify individual users than an IP address, as the certificate gets installed on the device, and does not change as the location and IP address does,” he said. “Neither certificates nor IP-based user identification address the other concern in a mobile world: a lost or stolen device. An increasingly popular way to positively affirm identity is to use two-factor authentication.”

“This, as it turns out, is also one of the more flexible and mobile friendly approaches, as it relies on something the user knows, their username and password, and something the users has, a secure token generator (or a mobile device that can receive tokens via SMS or mobile app).”

PC Speak: Abney Associates Tech Blog: Protecting your identity

Globally, cybercrime costs hundreds of billions of dollars each year and it comes in many forms, from computer hacking to phishing scams.

At the forefront of the fight is the U.S. Secret Service.       

While law enforcement is trying to stay on top of it, people are urged to do their part because in the end it's the consumers who will foot the bill.

A listing of stolen credit card numbers was found last month when authorities searched two homes on Quiet Way in Louisville.

"I'll be pretty conclusive -- it probably came from a recent data breech," said Paul Johnson with the U.S. Secret Service. "In this case we hit the mother lode."

According to Johnson, who heads up the Louisville Secret Service Office, the paperwork, an encoder, and a laptop -- everything needed to wreak havoc on someone's credit  -- were in a child's backpack.

"Stolen credit card numbers get re-encoded on a re-encoding device. You go to a legitimate store and you want to start buying as many of these as you can," Johnson said.

Johnson said thieves load gift cards, then sell them at pawn shops for 50 cents on the dollar.

In the case on Quiet Way, three men and a woman, described by authorities as Cuban and Mexican nationals were arrested. All pleaded not guilty

The Secret Service said it was just one of many identity theft scams.

For example, in March, Darnell Brown and Tierra Be'ans each received 42 months in federal prison for fraud and ID theft.

Phony Georgia driver's licenses were seized.

Police said surveillance video caught the couple buying merchandise at retailers using credit cards obtained by using phony IDs. The total loss to retailers in that case was more than $17,000.

"Criminals want your identity. Protect it with everything you have," Johnson said.

Sometimes victims can't see it coming.

It was recently discovered thieves installed skimmers at a New York City subway station to steal card numbers as tickets were being purchased.  A tiny camera captured people typing in personal identification numbers.

Johnson said everyone has to stay vigilant.

"The public should be checking their credit rating. They should go to one of the three credit reporting companies and is anyone taking out credit in their name that they are aware of," Johnson said.

Johnson said if you see a person in a self-service checkout line of a store loading up gift cards, report it to a clerk or police.

Clerks should also check to see if the numbers on the receipt match the last four numbers on the credit card.

Beware of phishing scams, either by the phone or in emails.

"It's important for individuals to take responsibility for himself. Your identity is something people want. Your credit card number is something people want. You have to protect yourself. Police cannot do that for you," Johnson said.

PC Speak: Abney Associates Tech Blog, Online fraud risks: protect yourself

The internet is such a part of everyday life that we don't even think about it any more. It's no more exotic and unexpected than having water coming out of the taps. However, unlike the water coming out of our taps, the internet isn't always pure and clear. And by using it without taking the proper precautions, we could find ourselves becoming the victims of online fraud.

So how can we protect ourselves?

CIFAS, the UK's fraud prevention service, discovered that in the last year, card fraud and identity theft had surged - with over 125,000 separate instances. A significant proportion of these frauds are perpetrated because people don't take sufficient precautions online. So what do you need to be aware of, and how can you protect yourself?

Experian has produced 5 top tips to stay safe online.

Beware of phishing expeditions

These involve emails or phone calls which come out of the blue, and persuade you to part with your credit card details or bank account information. There are a number of common approaches.

One is to pretend to be from your bank or card provider, asking you to log on and verify your identity. If you click on the link they have sent, you'll be sent to a site run by fraudsters, who will collect the information you input and use it to take your money. Others will use a likely-sounding story, such as telling you you have a PPI repayment waiting or a tax rebate.

Experian says that your best approach is to assume that all emails asking for confidential data are scams. If you receive an email you should contact the organisation involved to let them know about the scam - using email or phone details you have elsewhere rather than the link on the email.

Don't be a Twit

Be careful about what you reveal through social media. It can be easy to post photos of valuable possessions, complain about your bank by name, boast about a forthcoming holiday or mention pet names, your mother's maiden name or anything else you may have used as a password. There are plenty of people out there - including your 'friends' or people posing as them - who would use this to access your email, infiltrate online banking, or even burgle your home while you're away.

Be wary of wi-fi

It might be a useful way to buy something on the hoof, or check your bank balance, but there can be nasties hiding in public wi-fi when you're out and about - and your every online move can be watched.

Experian say it's worth being wary, avoid baking online on public wi-fi, and steer clear of any sites that need a password - from banks to social networks.

Check your statements

If a fraudster has taken over your account, or accessed your credit card, your statement is the first place it will show. Experian says that fraudsters are increasingly taking smaller amounts from their victims on a regular basis rather than a one-off hit. If you don't check your statements, it's easy to miss this. One of the best approaches it to go through every single transaction and only tick them off when you're absolutely sure you know what it is.

PC Speak: Abney Associates Tech Blog, Hacker claim about bug in fixed OpenSSL likely a scam

Hackers claim to have found a new vulnerability in the cryptographic library as serious as Heartbleed, and are selling it for 2.5 bitcoins

Security experts have expressed doubts about a hacker claim that there's a new vulnerability in the patched version of OpenSSL, the widely used cryptographic library repaired in early April.

A group of five hackers writes in a posting on Pastebin that they worked for two weeks to find the bug and developed code to exploit it. They've offered the code for the price of 2.5 bitcoins, around $870.

A new flaw in OpenSSL could pose just as much of a threat as Heartbleed did. But the hackers' claim was met with immediate suspicion on Full Disclosure, a forum for discussing vulnerability reports.

One commentator, Todd Bennett, wrote the technical description of their claim is "rather extraordinary."

The open-source OpenSSL code is used by millions of web sites to create encrypted communications between client computers and servers. The flaw disclosed in early April, nicknamed "Heartbleed," can be abused to reveal login credentials or a server's private SSL key.

More than two-thirds of the websites affected by the flaw have patched OpenSSL, according to McAfee.

The hackers said they've found a buffer overflow vulnerability that is similar to Heartbleed. They claim they've spotted a missing bounds check in the handling of the variable "DOPENSSL_NO_HEARTBEATS."

"We could successfully overflow the 'DOPENSSL_NO_HEARTBEATS' and retrieve 64kb chunks of data again on the updated version," they wrote.

They have not published their exploit code, so there is no way to verify their claim. The group provided an email address for questions, but did not immediately respond to a query.

A Google search showed the same email address has been used in other offers for data on Pastebin. In March, it was used in a Pastebin posting advertising a trove of data from Mt. Gox, the defunct Tokyo-based bitcoin exchange that was hacked.

The same advertisement also offered database dumps from "carding" websites, or those selling stolen credit card data, and data from CryptoAve, another virtual currency exchange that's been attacked by hackers. Scammers often try to make money by falsely claiming they have data of interest to the hacking community.

The Heartbleed flaw has since touched off an effort to strengthen the security of widely used open-source products. The OpenSSL Project, for example, had just one full-time employee and only received about $2,000 in donations annual despite its critical role in protecting communications.

On Thursday, a group of technology companies and organizations launched the Core Infrastructure Initiative, a project intended to generate funds for full-time developers on important open-source products.

The group's participants include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation.

PC Speak: Abney Associates Tech Blog: Online Debit, Credit Fraud Will Soon Get Much Worse

I’m not much of a Nostradamus, but one thing I can predict with near certainty is that this time next year we are likely to find ourselves witnessing an all-time high in the rate of online credit and debit card fraud. Ironically, that surge in online theft will be the result of efforts to make the offline use of credit and debit cards more secure.

By Oct. 1 of next year, retail establishments are supposed to be able to accept new credit and debit cards that have a chip embedded and require the use of a PIN when making purchases at the checkout counter. The point is to make the cards smarter so that financial institutions can better detect fraudulent usage. Requiring a PIN clearly adds a layer of identification and protection that can deter such fraud.

How do we know that this effort to increase security at the point of sale is going to actually drive online fraud? We already saw it happen in Europe.

In 2002, European financial institutions starting rolling out these very same cards and point-of-sale terminals. We call this technology EMV (Europay, MasterCard and Visa). Financial institutions intend to make EMV a global standard for authenticating credit and debit card transactions using integrated chip technology.

This technology has now been partially or fully deployed in about 14 countries and regions, including most Asian Pacific nations, all of Europe, most of Latin America and the Caribbean. Every country and region in which EMV has been deployed has seen a corresponding surge in online fraud.

Four years after beginning the deployment of cards and new point-of-sale terminals, about 99 percent of businesses and consumers were utilizing EMV. No doubt the cards were effective at cutting offline abuse. Before EMV, Europe saw fraud losses in stores of about 13 basis points of net sales. After EMV, the offline fraud rate plummeted to just 3.5 basis points, according to Douglas King in the study, “Chip-and-Pin: Success and Challenges in Reducing Fraud.”

However, the online world was a fraud nightmare. Online credit and debit card fraud rates more than doubled from the pre-EMV days. In 2004, Europe had an online credit and debit card fraud rate of 25 percent. By 2010, the rate had soared to 64 percent. Further, the European Central Bank’s February 2014 report on card fraud found that card-not-present (CNP) payments, i.e. payments via the internet, post or phone, were the source of 60 percent of total fraud incidents across Europe in 2012. With about $1.1 billion in fraud losses in 2012, CNP fraud showed the highest growth rate, up 21.2 percent from 2011, and analysts project this growth rate will continue to increase in 2013 and 2014.

Making credit and debit cards smarter made the crooks smarter. They stopped using cards with EMV technology in brick-and-mortar stores. Even the thieves knew that using one of the new EMV cards in a store was quickly going to get the card shut down.

So they doubled their efforts at stealing online, where the chips in cards did no good when all that was required were card numbers. Additionally, the bad guys shifted more of their nefarious online activity to foreign countries where it’s even harder to tell a legitimate card user from a thief.

When EMV technology was established, the crooks also started targeting debit cards over credit. Most debit cards use the magnetic stripe and therefore behave like credit cards without the chip and pin, making it easier for fraudsters to exploit both offline using the swipe and online using the debit card number.

Some will probably ask why online retailers don’t just require a PIN for all purchases as in-store clerks do with EMV. We may see more of that kind of adoption here in the U.S. than we’ve seen in other countries that saw this surge in online fraud, even as offline fraud declined. However, putting any barrier to check out in the ecommerce world means a lot of full shopping carts that never make it to purchase.