Tuesday, November 29, 2011

Fraud Scheme Hits Grocer

OK, this is the first time I've seen a Skimming attack on POS registers.  But the proof is in the pudding as they say.  So far, two cases in which SELF SERVE POS REGISTERS serve as points by which criminals capture data illegally. 

http://www.cuinfosecurity.com/articles.php?art_id=4280

In this particular case, there appears to be no account data compromised.  But, it reminds us that at ANY Point of Sale location can serve as a Skimming risk...

Interesting...

$1 Million ATM Fraud Scam Busted

Zoweee!  Some key aspects in this article. 

http://www.cuinfosecurity.com/articles.php?art_id=4274

First, ONE DAY of skimming yielded about 350K in losses.  A single Sunday the criminals used a skimmer and pinhole camera to collect just 350 acct and pin numbers.  Then they pulled about 1000 from each account.

Second, in many of these cases, it's the CUSTOMERS bringing attention to the cases, not the banks or law enforcement folks who solve the crime.  Interesting that we are still relying on ourselves to solve this type of crime.  Be very observant when you use your ATM machines.

Finally, it seems, according to the article that there is an explosion of ATM Skimming crimes with no real end in site.  The crimes are small enough that legislation to combat the problem wont be reviewed for a long time.  This means the problems will persist.

Monday, November 14, 2011

News 9 in Colorado on Skimming Devices in Area

Interesting video article on the use of skimming devices recently in Colorado. 

http://www.9news.com/video/default.aspx?bctid=1265391195001&odyssey=modtvideoendslate
 
I think the hidden story here is how most manufacturers attempt to correct for the problem.  Very costly to install, replace the ATM, replace parts of the ATM, or train the consumer.  Hmmm..
 

Monday, November 7, 2011

Skimming Scam STOPPED by Bank and Merchants

Good article on how certain merchants in Orlando FL helped stop a skimming scam from continuing over time.  The most intriguing statement I read from this is

"It's almost like they can't stop themselves from doing it..."

The statement is referring to the fact that US-based Credit and Debit machines still use older magnetic stripe technology, which is outdated and has inherent security risks.

See the full article here:

http://www.cuinfosecurity.com/articles.php?art_id=4218&rf=2011-11-04-ec&elq=6ee1ce687bca4b50ba1517aa85f0222a&elqCampaignId=765

Tuesday, November 1, 2011

21st Century Store Manager - Reseach Preview

Great Article on Retail.

Key Points:
  • Customers are incredibly empowered with Mobile Technology, causing weakness to brick and mortar stores
  • Manager and Employees in the store are most important in overcoming weakness
  • Four main ways ALL retailers can implement changes for benefit:
    • Give Managers more access to information on goods and services they are selling
    • Give Managers access to operational metrics on whats happening "in the store" REAL TIME
    • Present this information WHERE the Manager IS and...
    • The Manage needs to be out on the floor of the store
Good information in this article...

http://www.retailsystemsresearch.com/_document/summary/1363

Enjoy...

Monday, October 24, 2011

Radio Shack Back to its Roots?

Wow, now this would be a novel idea!  I can recall so many times over the last two years trying to just go out to the local Rat Shack to try to find something as common as an Ethernet crossover cable, and being met with that tragic phrase "No, we don't carry that anymore..."  and even worse for Radio Shack "You might try Best Buy down the road...". 

It sounds like Radio Shack may be making some intersting changes in the near future...

http://adage.com/article/special-report-ana-annual-meeting/radioshack-s-journey-bring-back-a-forgotten-customer/230602/

Friday, October 21, 2011

Smishing Scam Targets Wells Fargo

OK,

So a slightly different take on a familiar PHISHING attack.  In this type of scam, a cell phone user receives a TEXT (seemingly from the bank) saying there has been a breach in security and they need to call or respond with specific information (account #, personal info, last four digits, etc.).  Then the criminal takes that information and drains an account...

See full story here...

http://www.cuinfosecurity.com/articles.php?art_id=4172

Wednesday, October 19, 2011

ATMs Hit by Cash Trappers

Hmmm.  Here's a not-so-new approach to an old crime.  The cash trap has been a known crime for some time, but it's interesting that in EU, there is a DROP in skimming attacks at the same time an INCREASE in the cash traps.

In US, by many accounts, it seems the skimming is on the rise, along with several other crime (cash traps, smash and drags, etc.)...

See the full story here...

http://www.cuinfosecurity.com/articles.php?art_id=4169&opg=1

Thursday, October 13, 2011

NY Skimming Incidents may Be Linked

Kindof a general article again related to ATM Skimming.  It discusses the several cases that have more recently occurred (Seattle, Florida, New York).

http://www.cuinfosecurity.com/articles.php?art_id=4148&opg=1

Interesting factoid:

From one ATM Machine with ONE skimming device, the back could see losses of approx 50K!

Skimming Devices on the Rise - ABC2 in Baltimore

Great news report on the effects of ATM Skimming related to ID Theft in Baltimore.  This plague is spreading quite quickly. 

http://www.abc2news.com/dpp/money/atm-skimming-ont-he-rise

ATM Skimming devices are gaining in sophisticated.  Very descrete and attached to a Gas Pump...

Thursday, September 22, 2011

Is it REALLY the Economy, Stupid?

So, I can't help but get encouraged and frustrated at the same time when I see articles such as these.  First, a Duane Reade drug store opened over the summer in NYC.  Here's an excerpt:

"At 22,000 sq. ft., it is Duane Reade’s largest store ever. The cavernous former bank space has vaulted ceilings that rise two stories above the marble floor and retains the bank’s marble columns, pyramidal roof and French gothic spire. As the Bank of Manhattan Trust Building, it was the tallest structure in the world until the Chrysler Building opened in 1930. Donald Trump purchased it in 1995, but for 11 years the site was only used to host special events, Magnacca says. The New York City Landmarks Preservation Committee awarded it landmark status in 1998."


HOLY MOLY Batman!  A DRUG STORE!  That's encouraging for Duane Reade and Parent company, Walgreens, but really, a DRUG STORE?  Hard to believe we're still having a real problem with the ecomony when companies are performing this type of monumental addage to their existing footprint.

Take that story and add it to this one...  A Software Engineer, Stephen Huff, in MO builds PENSMORE (Loosely derived from "Thinking More), a 72000 sq ft high tech home. 

http://today.msnbc.msn.com/id/44607760/ns/today-today_people/t/take-tour-billionaires-high-tech-castle/

Said to be one of the largest and yet most fuel-efficient homes ever, I reckon the project alone will keep hundreds of workers busy for the next two years. 

I'm starting to think the problem's not really economocal in nature, but more POLITICAL!

6 Tips to Curb ATM Skimming

Again, due to the recent activities around the Pacific Northwest cases, recommendations are made on how Skimming attacks might be countered. 

The basic list looks like this (I've commented on some standout points...):

Fraudsters are Savvy to Surveillance - The writer suggests the Fraudsters KNOW that live video is not being monitored.  However, they do not address the use of RECORDED video.  Also, this is not a serious issue as the Fraudsters might simply use a machine without Video Surveillance.

Incidents Occur Quickly - 2-3 hours to collect a bunch of Account Data.  That's about what would be expected.  And then I suppose they move onto another machine.

No Wireless Technology - This is interesting in that the writer does not mention the use of wireless video cameras, something more commonly seen in the past.  But they refer to the actual skimming device transmitting data wirelessly.  I think it would certainly add costs and risk for the criminal, but it seems the use of a camera is still fairly likely.

Branch ATMs Preferred - The writer points out very good reasons for the preference of Branch Bank ATMs over Retail or otherwise, off-site ATMs.  Easy access and high traffic volume, most important.

Certain Makes Targeted - I would say the regular use of specific model(s) is more related to familiarity and costs.  If the Fraudsters can simply build ONE facade and product it in quantity, tehy can more quickly get the thefts underway at more places quicker and for less costs.

Merchants Can Help Detect Fraud - I find this most troubling.  FIRST, consider the issue that the Retail organization DOES NOT check IDs when a Debit charge is being conducted.  But SECOND. indeed, why/how should they?  The main point of using a debit card, specifically with a customer swiping access point, is so the employee never NEEDS to check the card and/ or ID.  It would seem to me a little strange after I've swiped my card and entered my PIN that an employee would ask me for the card and my ID.

Here's the whole article...
http://www.cuinfosecurity.com/articles.php?art_id=4084&pg=1

Wednesday, September 21, 2011

2 ATM Skimming Suspect Jailed

These are two additional folks linked to the same cases from last month in the Seattle area. 
http://www.cuinfosecurity.com/articles.php?art_id=4077

Friday, September 9, 2011

Top Stealth Home Energy Hogs

I saw this article and did a real quick once over in my house.  Found a couple of spots where I can certainly make quick adjustments.  With all the power outages recently, we often think about ongoing entertainment.  So one of the things I do is setup our Portable DVD players under the regular TV with a library of DVDs.  Each of the DVD players is plaugged in to keep it charged.  I moved things around a little, so I can, at any point in time unplug the TV, the FIOS Settop Box, and all the DVD Player at one time when not in use.  Looking forward to those millions of dollars in savings...  Or maybe just a few bucks...

Here's the article...

http://finance.yahoo.com/family-home/article/113465/top-energy-consuming-items-forbes

ATM Skimming: How Effective is Jitter?

This is an older article from 2010 regarding the "jitter" technology to provide anti-skimming protection.  Overall conclusion is the jitter technology should only serve as a piece of the overall anti-skimming solution.  I completely agree.  Thereare many ways to protect an ATM or Gas Pump from skimming devices, but how does one prove ROI on a device and how much is one willing to spend on the device or overall anti-skimming solution - PER ATM?

Here's the Jitter Article

http://www.cuinfosecurity.com/articles.php?art_id=2667&pg=1

Thursday, September 8, 2011

Hands Off - Gap’s apprehension strategy stresses safety

I read this interesting article about Hands Off Apprehension. Nto super original really, but gives some ood ideas on what Retailers are doing to train AP folks properly.

Hands Off! STORES.org

3 Charged With 6-State Spree Linked to $550K in Fraud

Good article from CUInfoSecurity.com on another recent update in teh war on ATM Skimming.  Three separate individuals brought up on charges.

Here's the whole story...

http://www.cuinfosecurity.com/articles.php?art_id=4031

Video Analytics - Business Intelligence or Infrastructure Security

Just thinking today about the differences between Analytics in the video world, and in particular the business case for the additional costs.  It seems there are two very broad categories of Video Analytics.  First, Critical Infrastructure Security Analytics, might be considered those used to provide Asset Protection, Loss Prevention, and/ or secure an organization's infrastructure and resources.  Most often these are marketed to Airports, Seaports, Government Buildings, and Corporate Offices, because this is the most likely area of an organization that can justify the higher price tag.  These are the most popular in nature currently and the ones most of the industry is referring to when they speak about "Video Analytics".  These might include items like:

 - Setting tripwires
 - Object (object might be defined as person or vehicle) left behind
 - Object entering an Area Of Interest (AOI)
 - Directional awareness
 - Flow control

Second, there are what could be referred to as Business Intelligence Analytics.  As the descriptor implies, this refers to those analytics in which provide additional business intelligence and by their nature are developed to serve that purpose primarily.  Most often these are related to Retail-type of applications (Consumer Retail, Retail Banking, etc.).  The analytics would enable the video system to provide items like:

 - Conversion Rates - comparing and analyzing shoppers to purchases
 - Directional Analysis - analyzing which direction customers move within a given Field of View (perhaps based upon in-store signage)
 - Employee Performance - analyzing and comparing numbers of customers serviced by coworkers and providing performance metrics between employees
 - Queue Analysis - providing automated response when queues are getting too long, or there is queue abandonment

Of course, the two broad types of analytics could overlap in certain ways.  For instance, identifying an object (person) within a field of view and then identifying that object crossing a tripwire could allow an analytics to "Count" people entering a department or Area of Interest - giving the appearance of Departmental Conversion Rate.

But perhaps what is more important is how the analytics, and the overall software package included, can display a Return on Investment. Analytics to date have had a hard time justifying the higher price tags. Now, we're starting to see prices drop, but also quality, accuracy, and expectations drop also.

A brief look at typical Critical Infrastructure Analytics show the most popular, and historically the most impressive Return on Investment (ROI).  Frankly, the CI analytics are touted to save lives and reduce loss.  Setting up an analytics to detect a "suspicious bag left behind" in an airport can protect the patrons and employees of the airport as well as reduce the possibility of costly terminal shutdowns.  Detecting a small boat approaching a larger vessel and triggering alerts can have a huge impact in protecting precious cargo and even even soldiers in battle.  But the reality is in those markets, it is very difficult to show ROI as the endeavor is to stop dramatic, and potential very public in nature, events from occurring.  In this case, a single "Failure" in a mission critical event such as this may not be acceptable (because it could cause loss of life and or expensive resources).

On the other hand, there is Business Intelligence Analytics.  By using department/ product level conversion to identify why "X" number of customers enter an area and yet do not buy a specific product, one can make a very real and immediate change to the layout of the store to increase sales of that product (or replace the product altogether). 

Also using a combination of Line Queuing Analytics, as well as, Real-Time Dashboard with Alerts and Forensics, a Store Manager could immediately affect Customer Service (by reducing wait times), and review and compare employee effectiveness.

In addition the risk of failure is insignificant in the overall plan.  Missing one or two people in an Area of Interest during a 1 hour period will not cause dramatic, negative results.

Tuesday, September 6, 2011

Pay at the Pump Skimming Epidemic

Great article on Pay at the Pump "Epidemic"

http://www.cuinfosecurity.com/articles.php?art_id=3951

ATM and Gas Pump Skimming - On the Rise?

Maybe its just me,  but it seems there has been a rise in the number of Skimming cases across the US in recent months. 

May 2009 - New York - Estimated 500K USD lost due to skimming devices
Sept 2010 - South Florida - ATM and Gas pumps found with devices
July 2011 - Houston, TX - 400K ATM Skimming Scam
July 2011 - Global ATM Skimming Ring Busted
Aug 2011 - Sacramento, CA - 2 men facing charges of ATM Skimming
Sept 2011 - Tampa Bay, FL - approx 44 customers defrauded at area ATMs
Sept 2011 - Seattle, WA - 3 Charged With 6-State Spree Linked to $550K in Fraud


There are of course many more than these, but it seems to be an increasing issue in the field.  Some would estimate the problem of Card Fraud totaling over 2 BILLION dollars in recent interviews.  This number is staggering considering the limited effort ATM manufacturers have put toward actually solving the problem.  Some have attempted to correct the problem by adding jitter technology into the machines themselves, which can be a costly effort to outfit legacy machines. Others take a more unintrusive route with a combination of detection and jamming devices.  Each has ways of providing parts of the solution, but it still seems pieces are lacking.

Strategies to Optimize Every Customer Interaction