Skimmers are nothing new, but now credit card scammers are placing them at the checkout line in retail stores. Watch this video from tonight’s CBS Evening News and see just how little time it takes them to place a skimmer.
There is a new app available in the Google Play store for Android devices called “CAC Scan.”
DO NOT USE THIS APP!
The app is designed to scan the bar code on the front of a military CAC and provide you a read out of the personal data including the name, SSN, DOD ID number, etc. And yes, it works. A little research shows the app developer is an American most likely associated with U.S. Army (either active duty, gov or CTR) and lives in the US.
Several disturbing questions remain:
- When you scan your (or someone else’s) CAC, where else does the data go; i.e., who else gets a copy of the results?
- Why would you need this app? You already know your personal info on your CAC… who’s info are you trying to obtain and why?
We cannot see any valid reason to use this app and the OPSEC/privacy implications are disturbing. It could be used to compromise PII on unsecured or stolen CACs. All the more reason to ensure we properly secure our CACs.
Please use EXTREME CAUTION when downloading and using any app – especially one that deals with your personal information.
DoDI 1000.13, January 23, 2014
2. GUIDELINES AND RESTRICTIONS. The guidelines and restrictions of this section apply to all forms of DoD ID cards.
a. Any person willfully altering, damaging, lending, counterfeiting, or using these cards in any unauthorized manner is subject to fine or imprisonment or both, as prescribed in sections 499, 506, 509, 701, and 1001 of title 18, United States Code (U.S.C.) (Reference (u)). Section 701 of Reference (u) prohibits photographing or otherwise reproducing or possessing DoD ID cards in an unauthorized manner, under penalty of fine or imprisonment or both. Unauthorized or fraudulent use of ID cards would exist if bearers used the card to obtain benefits and privileges to which they are not entitled. Examples of authorized photocopying include photocopying of DoD ID cards to facilitate medical care processing, check cashing, voting, tax matters, compliance with appendix 501 of title 50, U.S.C. (also known as “The Service member’s Civil Relief Act”) (Reference (v)), or administering other military-related benefits to eligible beneficiaries. When possible, the ID card will be electronically authenticated in lieu of photographing the card.
h. An ID card shall be in the personal custody of the individual to whom it was issued at all times. If required by military authority, it shall be surrendered for ID or investigation.
Title 18 U.S.C.
Section § 701. Official badges, identification cards, other insignia. Whoever manufactures, sells, or possesses any badge, identification card, or other insignia, of the design prescribed by the head of any department or agency of the United States for use by any officer or employee thereof, or any colorable imitation thereof, or photographs, prints, or in any other manner makes or executes any engraving, photograph, print, or impression in the likeness of any such badge, identification card, or other insignia, or any colorable imitation thereof, except as authorized under regulations made pursuant to law, shall be fined under this title or imprisoned not more than six months.
Hackers have reportedly stolen personal information for around 15 million consumers from a database of T-Mobile customers and applicants that was held by Experian. The compromised data comes from anyone who applied for a T-Mobile account after Sept. 1, 2013 and before Sept. 16, 2015.
Anyone who applied for a new contract or financed a phone through T-Mobile in the last two years should keep a vigilant eye on their bank and card accounts.
Read the full article for details on Consumerist.com.
Visit our Identity Theft page for ways to protect yourself and your family members.
Last night’s national news alerted us to the data breach that occurred at the Office of Personnel Management (OPM) in April of this year. Reportedly current and former federal employees personal information may have been compromised. OPM handles all aspects of a federal civilians career and federal civilian employees of many agencies are likely affected. OPM stated in their announcement that beginning 8 June and continuing through June 19, they would be sending notifications to approximately 4 million individuals whose personally identifiable information was potentially compromised. “The email will come from opmcio@
.com and it will contain information regarding credit monitoring and identity theft protection services being provided for 18 months (at no cost to the employee) to those Federal employees impacted by the data breach.” Visit our identity theft page for steps to take to protect yourself: https://ellsworthafrc.org/programs/finances/idtheft/
Below is the full announcement from the OPM: Source: http://www.opm.gov/news/latest-news/announcements/
Information About the Recent Cybersecurity Incident
June 4, 2015
The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former Federal employees. Within the last year, OPM has undertaken an aggressive effort to update its cybersecurity posture, adding numerous tools and capabilities to its networks. As a result, in April 2015, OPM became aware of the incident affecting its information technology (IT) systems and data that predated the adoption of these security controls. Since the incident was identified, OPM has partnered with the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT), and the Federal Bureau of Investigation to determine the impact to Federal personnel. And OPM immediately implemented additional security measures to protect the sensitive information it manages. Beginning June 8 and continuing through June 19, OPM will be sending notifications to approximately 4 million individuals whose Personally Identifiable Information was potentially compromised in this incident. The email will come from firstname.lastname@example.org and it will contain information regarding credit monitoring and identity theft protection services being provided to those Federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service. In order to mitigate the risk of fraud and identity theft, OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. This comprehensive, 18-month membership includes credit report access, credit monitoring, identity theft insurance, and recovery services and is available immediately at no cost to affected individuals identified by OPM. Additional information is available beginning at 8 a.m. CST on June 8, 2015 on the company’s website, csid.com/opm, and by calling toll-free 844-222-2743 (International callers: call collect 512-327-0700).
Steps for Monitoring Your Identity and Financial Information
- Monitor financial account statements and immediately report any suspicious or unusual activity to financial institutions.
- Request a free credit report at AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, ftc.gov.
- Review resources provided on the FTC identity theft website, identitytheft.gov. The FTC maintains a variety of consumer publications providing comprehensive information on computer intrusions and identity theft.
- You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion® at 1-800-680-7289 to place this alert. TransUnion® will then notify the other two credit bureaus on your behalf.
This week is Tax Identity Theft Awareness Week. Tax identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund or a job. Here are some tips to help you lessen the chance you’ll be a victim and learn what to do if you are.
Tip #1: File early in the tax season — if you can — to get your refund before identity thieves do. When you file, make sure you use a secure internet connection or mail your tax return directly from the post office to make it more difficult for thieves to get their hands on your personal information. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.
Tip #2: What should you do if you think your Social Security number has been stolen? Or if you get a letter from the IRS saying more than one tax return was filed in your name, or that IRS records show wages from an employer you don’t know? Call the IRS Identity Theft Protection Specialized Unit at 1-800-908-4490. Report the fraud and ask for IRS ID Theft Affidavit Form 14039. If you are a tax identity theft victim, the IRS may give you a personal PIN number to verify your identity and protect your file going forward. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.
Tip #3: Have you heard about IRS imposters? Tax scammers posing as the IRS call and say you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the IRS is calling. Before you can investigate, they tell you to put the money on a prepaid debit card and tell them the card number. The IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. If the IRS needs to contact you, they will first do it by mail. If you have any doubts, call the IRS directly. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.
Tip #4: Here are some other tips to lessen the chance you’ll be a victim of tax identity theft:
- Always protect your Social Security number or Medicare card number: don’t give it out unless you have to, and always ask why it’s needed, how it’s going to be used, and how it will be stored.
- Shred old taxes returns you’re no longer required to keep, as well as draft returns, extra copies, and calculation sheets.
- Ask for recommendations and research tax preparers before you turn your personal information over to them.
Tip #5: Once tax identity thieves have your Social Security number and personal information, they can use them to commit other forms of identity theft, such as opening new financial accounts in your name. For steps you can take to deal with identity theft, go to ftc.gov/idtheft. Also remember to check your credit report annually. It’s free at annualcreditreport.com.
On 10 April, Rapid City Police announced they are investigating a series of credit card skimmers found inside pumps at several area gas stations. They stated that the skimmers they’ve found so far have been inside the pumps where they’re not visible to consumers.
You are recommended to monitor your credit cards and bank accounts (a practice we encourage for everyone, all the time). If you notice any fraudulent activity, report it to your financial institution immediately.
In fact, how much you lose depends on the card you used and how quickly you report the problem.
Many ATM/Debit Cards issuers have voluntarily agreed that an account holder will not owe more than $50 for transactions made with a lost or stolen ATM or debit card. However, under the law, the amount you can lose depends on how quickly you report the loss.
For credit cards, you loss is limited to $50 as long as you dispute the fraudulent charges within 60 days of receiving your bill.
For a better understanding of gas pump credit card skimmers here is a story by ABC News from August 2013 showing how the skimmers work and how your are at risk.
MINNEAPOLIS (AP) – Target says that about 40 million credit and debit card accounts may have been affected by a data breach that occurred just as the holiday shopping season shifted into high gear. The chain said that accounts of customers who made purchases using their cards at its U.S. stores between Nov. 27 and Dec. 15 may
have been exposed. The stolen data includes customer names, credit and …