I have addressed this before, but wanted to address it again. Although I am not a security tech nor a lawyer, I am very passionate about security. I have a love/hate relationship with credit cards. I love the convenience of allowing customers to use them to purchase from my store. But I hate the debt it causes. They have too many fees to the merchant and to the consumer. But, in this era we need to use them.

Here are some helpful ways to keep protected:

1) The number one way to avoid credit card theft is never to use your cards. That may not be a viable solution for you. So lets think more realistically.

2) Limit the paper. The first thing that anyone thinks of with credit cards is internet purchases, but it is not the only way people can get your number or identity. In fact, the mail or trash is still one of the easiest ways to steal a person’s information. It is quick and you do not have to be a computer programmer to access the data. You just have to be willing to go through yucky garbage or steal someone’s mail.

• Make sure you shred all mail, even advertisements for credit card offers.
• Put up a locking mail box.
• Do not have statements sent via mail. Log on to their secure websites to view.
• Mail bills and payments directly at the Post Office, not through your street box.

3) Restrict Purchases on-line by:

• Use only one card with a low credit line for all internet purchases.
• Keep a log of your purchases – date and company so you can identify when there is a problem.
• Purchase gift cards from the actual company you are purchasing from or one from a major credit card company so you can pay with the gift certificate rather than credit card. This is a form of debit card and will also help you stay out of debt.
• Place the order on-line and then phone in your credit card number.
• NEVER, Never send your credit card info via email. But if you have to send it in 3 different emails. It is easy for someone to capture one email randomly, but the odds of catching all 3 for the same person is very rare.
• Sorry to dis PayPal™, but using PayPal™ does not 100% protect you. Giving them your number is just as dangerous or safe as giving a small merchant with a secure site. It is just a matter of who you want to give your information to.

4) So what make a site secure?

• Daily Scans: I spend boo-coo bucks each month to have my site “secure” from McFee Secure™. It receives daily security scans and provides a logo from the company telling you that it is active and scanned. It scans for potential vulnerabilities in which a hacker can get it. Basically it tries to hack my site daily. If it gets in, in any way it notifies me. If it is able to get in to any sensitive data (credit card numbers, profiles, etc.) it will even lock up my security with a notification and removal of the McFee Secure logo until I fix the problem.
• Identity Verification: Every site that is secure has to register their identity to proof they are who they say they are. When you click on the logo, it should give the name, location, and verified information. If that certificate does not match the website you are on, you might have potential problems.
• Little Locks and Cute Features: So do the little locks, green bars and other bells and whistles mean added security? Some do and some don’t. Not every site has them for the main reason, it costs more to get them. There is one feature that all secure websites has. It is the one way you can tell if the site has security features in place. Look at the address bar in your web-browser. Watch how you change to different pages it goes from “http:” to “https:.” This “s” will not happen unless security features are in place. Note that not all pages need to be secure. Pages like registration, password and log-in, cart and checkout pages are the ones that are needing the security, because they transfer your personal data. Other pages like product descriptions do not need to be secure. On some sites you will see it go from a secure to non-secure page. You might even get a warning, but it does not mean the site is not secure where it counts.
• Here are additional articles on Security:
  • Inorganic Ventures
  • e-How
  • SSL.com

5) For making purchases in person:

• Make sure all copies of CC slips are accounted for.
• Do not let your credit card go out of your site.
• Shred receipts not needing to be saved for tax reasons.
• Scan and save all your receipts on a CD and store with tax papers for that year rather than the actual receipt.

6) Protections starts at your end, first!

• Keep up-to-date with Program Updates: Make sure you are using upgrade web-browsing software, computer security software, and system software. Most upgrades are security based and help keep your computer, thus keeps your credit card information and identity safe.
• Got Cell Phone??: We are a people that wants that constant link with other. Just go to a restaurant and see how many people are texting, on the internet, or talking on the phone. (What happened to enjoying the company that you are with?? – Any how that is another topic.) Don’t give your credit card information, social security number, or drivers license to anyone over a cell phone. Reasons:
  • It is not a secure line. Transmissions can be captured with the right equipment from an electronics store.
  • It can be overheard by anyone.
• Protect your network. With wireless networks and hardware popping up everywhere, there is a lot of information floating through the air.
• Make sure your network is hidden with a secure password. Passwords with a combination of upper and lower case letters along with numbers are way harder to guess or randomly select. There is a very interesting article regarding passwords in the NY Times. Also, if you can see your neighbor’s networks, they can see yours. So can anyone driving into the neighborhood. Hide the network, if possible on your system, so that someone cannot even join or see the network without knowing the name.
• Change your Network name and password frequently. And do not use the default name that comes with it, yours or any family member’s name, your pet’s name, phone number, nor your address.
• If you use WiFi in hotels or internet cafes, makes sure there is firewall on your computer and that the computer itself has a password. Make sure you have up-to-date virus and malware software.

If you would like more information about protecting yourself, please checkout my other articles in my
Keeping Your Identity Safe (#1)
Keeping Your Identity Safe (#2)
Keeping Your Identity Secure (#3)

Keeping Protected On-line Contemplating the Creative Spirit Ronna Ross

Keeping Protected On-line originally appeared on Contemplating the Creative Spirit on April 8, 2010.

Taking Steps with Purchases – On and Off the Internet:

Identity theft is not limited to internet users. Stopping all internet purchases does not eliminate your risk. In fact, the only reason it reduces your risk, is because you are not using the credit card in the first place. So what can be done?

Here are some tips to protect yourself and still get your quilting fix:

Use only one card for purchases on and off the internet - If you only have one card in use and YOU keep it at a low limit, you will be able to pay it off each month, easily see fraudulent charges, and keep your risk down.

Keep a record of all charges to your card - This is an easy task to do with an inexpensive pocket notebook. You could even make a pocket to keep the credit card in the front of the notebook to make it an easy carry all.

Pay by check or cash – If that is not possible, think about purchasing a “debit card” or gift card from your favorite retailer or credit card company. Here at Grace Full Creations, you can purchase a gift certificate for yourself that acts like a debit card. The amount reduces as you use it. You do not have to use it all at once. The transaction can be done via the phone or internet. Then instead of posting your credit card as payment each time, you can post the code for your personal debit gift certificate. If desired, we can also call you when your balance gets low.

Many of the credit card companies are also providing “gift cards”. Some have initial fees, but the $3 it will cost, might save you thousands. Plus, it can be used as a budget device so that you only spend what you have budgeted into it. In today’s economy, budgeting can be the difference of enjoying life as you like it and not having enough at the end of the month.

You can also open another checking account that has a debit/credit card attached to it. Transfer only enough funds to cover your charges. This will limit your risk and still allow you to be able to have the convenience of a credit card.

Know who you are paying. Within the survey I asked which payment method was “perceived” as the most secure? Here are the results:

1. Credit Cards processed ON-line …..51%
2. Pay Pay®, a 3rd party processor ….. 46%
3. Money Orders …..35 %
4. Credit Cards processed OFF-line …..11%
5. Credit Cards processed via PHONE/FAX …..11%
6. Check or e-check, direct from your checking account …..9 %
7. GoogleCheckout®, a 3rd party processor …..<1%

Let’s remember these results are the consumer’s perceptions. They do not accurately test which method is the safest. Let’s examine each one and how information is transferred and stored.

Credit Cards Processed ON-Line, Third party processors – Basically, this group processes your personal information the same general way. You type the information in and when you click submit, the transaction is automatically processed. Depending on the selections that you, the consumer, has chosen, your information might be stored in their database. The security of the transaction and the storage will vary depending on the security systems that the processor has in place. Their advertising and marketing will affect your perception of their security. They could possibly all have the same security measures, but be viewed differently. You, the consumer, will have to evaluate the risk based on referrals, the processor’s security policies and other information they provide.

Money Orders or Checks - For the consumer, these methods are fairly secure. For the Merchant, not so much. We have to fully trust who we are selling to. To protect themselves, merchants will choose to accept these payments, but not send the goods until they clear. Checks and Money orders are easily counterfeited and extremely difficult to collect on if something goes wrong. The greatest risk to the consumer is theft through the mail or the merchant not delivery the items.

Credit cards processed OFF-line or information provided through phone or fax – In the case of off-line processing, the consumer provides the information which is then transferred to the merchant to process in the same manner a merchant might in a storefront. The securest merchants will have an encryption method to store the information until it is downloaded for processing. Then the best option is to have the information deleted to limit risk. With the exception of the storage, providing the information via the phone/fax or internet, the security then relies on the merchant. Just like handing the card over the counter, you must know who you are dealing with. Know how they store, process, and then store again the orders and your personal information. Who has access to it? Just like if you processed your orders through one of the large companies, do multiple people have access to your card information? Is it stored as hard copies or via computer? Is there password, firewalls, and other security devices protecting those computers?

There is no true answer as to which method listed above is the most secure. But do your research and you will feel safer with your transactions. And you will know who you are dealing with.

When you place an order over the internet you will want to be sure of one thing above all else – the transaction is secure.  So how can you tell?

Oh, they have a cute little logo saying “I am Secure” – ANNNNN – wrong answer! Anyone can steal a logo from any one else. Plus these people are creative. They probably can design one. The only way you can see if the particular site or page is secure is the presence of an “s”.

For example, when you enter into my site my web address reads http://www.GFCquilting.com. When you enter into any of my secure pages where sensitive data exists, the address changes to https://www.GFCquilting.com. This little “s” means that the owner of the site is who they say they are and that the transmitted information is encrypted.

Sites do not have every page secure. Why? Because it is overkill. You only need the pages that have your personal information secure, such as registration/login, profile editing, the shopping cart, and the checkout process. This is why you get an annoying message that you are going from a secure page to an unsecured page after you view your cart. When was the last time a hacker wanted to see that you are looking at Buggy Garden fabric rather than Civil War?

You can also check the security certificate by clicking on that cute little “I’m secure” logo. It should match the company you are dealing with.

When purchasing at a local store, make sure that there are no extra copies of your card number and expiration floating around. In the good old days before scanning devices came into play, these transaction sheets were how retailers got their money. Extra copies can mean, extra purchases you were not expecting. If a retailer wants to make another copy of your card either through a printed swipe or a scanning device, question them on the reason. Do not have them throw the carbons or extra sheets away. You take them and shred them. If they ask to re-scan your card, make a note in your notebook, just incase extra charges show up.

Keeping Your Identity Secure (#3) Contemplating the Creative Spirit Ronna Ross

Keeping Your Identity Secure (#3) originally appeared on Contemplating the Creative Spirit on July 12, 2009.

Series 2 of 5

What can YOU do to prevent exposing your identity?

Breaches or the transfer of information can happen in many places on and off the internet. By taking steps to prevent your information floating to others, you can reduce your risk greatly.

Taking Steps In Your Home:

1. Limit the entry of housekeepers, plumbers, or other repair personal into your home unsupervised. It is sad to say, but even friends and acquaintances should also be limited. If you do not want to live in fear of everyone that comes through your door, lock up your valuables. You wouldn’t leave a diamond on the kitchen counter to tempt the most trustworthy person. Why would you leave bank account numbers to do the same. An inexpensive lockable safe or file cabinet can help not only with your security, but keeping you organized as well.
2. If you cannot remember PIN numbers or passwords, write them down, but keep them in a locked secure place. Do not carry them in your purse or wallet.
3. Shredding bills or forms that are no longer needed. By not shredding your paper work you leave little bits of your identity everywhere – even in your trash. You might be grossed out to go through someone’s trash, but a thief would not. This is the good, old, and still reliable way thieves can steal from you.Don’t think it is limited to your trash can either. It can occur at the dump. Don’t think they can’t find you amongst the landfill. Your copy of a completed credit card application might just be the lucky paper that gets to bask in the sunlight for a week unto the next load comes.
4. Do not use a cell or wireless phone to place orders, talk to the Social Security Office or Governmental Offices, check on credit card or bank accounts, or to give any personal information. The information that you state can be easily captured through technical devices, not to mention heard by everyone around. I read a great article talking about just this, called “Are your cell phone conversations secure?” (update 7/2009 – Here are two more articles: Protecting your Cellphone. and Tapping your Cellphone.) Read them, if you would like to know more.
5. Secure your wireless computer. Don’t we love moving around our house, our laptops in tow to any room or even out of doors? But alas, it is such a hassle to have to put in a password to start our computer, log on to your network, or even to enter a program. But, not doing that little “hassle”, it can cost you dearly. Having that signal so strong and available to you, also makes your network available to your neighbors and drive by’s.I have talked to many people who have laughed about being able to use their neighbor’s wireless connection from within their own homes or their neighbor being able to use theirs. They act like they are doing them a favor. This isn’t sugar we are sharing. It is your identity. It is direct access into your computer network — direct access to your most personal information.
6. Safe guard yourself by using firewalls and passwords – not the same one – on every program and computer that it will let you enter one. And change your passwords often. It is hard to follow the mind of a psychopath, but granny next door with her passwords named after her precious “Buttercup” would be very easy to figure out.If you think this is not possible, take your lap top and drive through the area, see how many networks you can view or even log-on to. But remember, if you can see them, they can see you. The person that is self-secure and network knowledgeable wins …possibly your identity. Please read more information regarding wireless security.
7. Protect your Social Security number, Drivers License, passwords, and other personal information at all times. Don’t carry your Social Security card in your wallet or write your Social Security number on a check. Give it out only if absolutely necessary or ask to use another identifier.
8. Know who you are dealing with. Don’t give out personal information on the phone, through the mail, or over the Internet unless you know who you are dealing with. Did you call them or did they call you? If someone wants your information and you did not call them, ask to call them back.
9. Be alert to signs that require immediate attention:
   1. Bills that do not arrive as expected
   2. Unexpected credit cards or account statements
   3. Denials of credit for no apparent reason
   4. Calls or letters about purchases you did not make – Also remember, if a credit card company calls to question purchases, you should not have to give them your information. They already have it. If they ask for it and tell you they can’t go any further without it, ask for a number to call them back. Then call the number on the back of the card to verify your account. Give the real credit card company the information you got from the frauds.
10. Never click on links sent in unsolicited emails; instead, type in a web address you know. Use firewalls, anti-spyware, and anti-virus software to protect your home computer; keep all security and internet software up-to-date. Visit OnGuardOnline.gov for more information.A good example of this is an email I got in the past. It was fraudulently addressed from one of the top third party credit card processors. We will call them “Transaction Friend”. It looked completely professional and stated that their security measures detected a “possible” third party breach. It even had a case ID number and a link to get more information to resolve the situation. It is assumed that I would want resolve the situation since the letter stated that my account was placed on “limited” access to prevent further vulnerabilities. Sounds scary doesn’t it? It makes you want to take the quickest action possible by clicking that link. BUT DON”T DO IT! Instead, go to your browser software and the “Transaction Friend” site. Access your information from there to verify that your account is alright. Sure enough mine was. Had I clicked on the link in the email, I would have allowed someone to track my keystrokes and had given them my access codes.Third party processors, credit card companies, banks and other financial institutions are not frivolous with their security. They will not email you with links. Most likely, information will be called or mailed to you through the US mail. And they will not ask for information from you.
11. Check and update your online browsers often for security issues. These companies would be Opera, Mozilla, Firefox, Safari, Netscape, Internet Explorer, Camino and Flock. Please note that this list is not a recommendation.Mozilla and Netscape browsers state on their websites that they are no longer upgrading. (See picture inserts.) Using these programs can cause you to be vulnerable since they do not have updated security measures. Make sure what ever program you use is the most up to date. It might cause you a little hassle to upgrade, but it will save you from a LOT of hassle rebuilding your credit.
12. Don’t use an obvious password like your birth date, your mother’s maiden name, or the last four digits of your Social Security number. Even if a company asks for such information, what they truly want is a way to identify you. Choose codes that only you will know, not information that hackers can gain through public records.
13. Inspect: Your credit report. Credit reports contain information about you, including what accounts you have and your bill paying history.The law requires the major nationwide consumer reporting companies—Equifax, Experian, and TransUnion—to give you a free copy of your credit report each year if you ask for it. Many internet links claim to offer you a free report, but do not. The link below is the ONLY one that is truly free.Visit AnnualCreditReport.com or call 1-877-322-8228, a service created by these three companies, to order your free credit reports each year. You also can write: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
14. Your financial statements. Review financial accounts and billing statements regularly, looking for charges you did not make.
15. Take control of your information: The FTC publishes a free brochure on Unsolicited Mail, Telemarketing and Email: Where to Go to “Just Say No,” that provides information on how you can cut down on the number of unsolicited mailings, calls and emails you receive by learning where to go to “just say no.” The national credit bureaus also offer a toll-free number that enables consumers to opt-out of all pre-approved credit offers with just one phone call. Call 1-888-5-OPTOUT (1-888-567-8688) for more information.
16. The Drivers Protection Act gives you privacy rights with regard to information maintained by DMVs. The law lists the ways this information can be used — a DMV may distribute personal information for things like law enforcement, driver safety, insurance underwriting, etc. A recent amendment to the law now prohibits a DMV from distributing your personal information for other types of uses, including for direct marketing, unless you give them permission. Contact the DMV in your state for more information.
17. The Direct Marketing Association (DMA) offers the Mail, Telephone, and E-mail Preference Services, which allow you to opt-out of direct mail marketing, telemarketing and/or direct e-mail marketing from many national companies. Use the links below to access information and forms for the DMA’s Mail, Telephone and/or E-mail Preference Services.  Visit the DMA’s website for their most up-to-date information.

The security of your identity is too precious to leave up to other people. First and foremost it must begin with you.

Keeping Your Identity Safe (#2) Contemplating the Creative Spirit Ronna Ross

Keeping Your Identity Safe (#2) originally appeared on Contemplating the Creative Spirit on July 12, 2009.

It’s not by giving up the internet!
(Security Series – 1 of 5)

A few years ago, I surveyed our members and asked questions regarding security issues. One hundred-fifty people responded. It was shocking to see the results, especially with the question “have you recently had your credit card or identity compromised?” Twelve out of one hundred-fifty had. That is 8 percent. (Please note: Respondents explanations did not indicate or imply that the breach came from our web site.)

Quilting is a 3.6 billion dollar industry as stated in the 2006 industry report “Quilting in America“. Per the report, 17 percent or 19.135 million of all U.S. Households reported having someone that participates in quilting. The total number of quilters in the U.S. now exceeds over 27 million. (1) Most of these quilting dollars are being spent through credit cards at local shops or via the internet making quilters a target of identity theft more than ever. Some have protected themselves by not shopping on the internet at all. Some find no increased risk in internet shopping.

The question remains, “are any of us safe from credit card fraud or identity theft?” Probably not, but some of us are definitely more safe than others.

In 2006, President Bush issued an executive order which launched a Task force to create a strategic plan which would make the government’s efforts more effective and efficient in fighting and preventing identity theft. The task force specifically targets identity theft awareness, prevention, detection, and prosecution. (2)

The Presidential Task Force came back with some of these recommendations: (3)

1. Establish a data breach policy for the public sector
2. Improve data security in the public sector
3. Decrease the use of Social Security Numbers by the Public Sector
4. Produce a publication for “routine Use” for disclosure of information following a breach
5. Develop an alternate means of authenticating identities
6. Provide victim assistance which includes restitution for victims
7. Develop a universal police report.

If you would like to view the full document see the footnote link above.

Overall, no one can guarantee that our credit or identity is safe. We cannot prevent someone “trying”. But, we can help ourselves by not making it easy for them to gain access to our information. We hope that you see this article, not as “threat is all around us”, but rather a positive that we, as consumers, can take control to reduce and even prevent fraud and identity theft.

Please read the rest of the series to find out what you can do to keep your identity safe.

May you have many days of happy and carefree Quilting!

Resources
In addition to the links provided throughout the article, FTC has developed an online information source for those who have fallen victim to this identity crime including a list of what to do in the event your identity is stolen. Please take advantage of this resource to help you and your family stay safe.

Keeping Your Identity Safe (#1) Contemplating the Creative Spirit Ronna Ross

Keeping Your Identity Safe (#1) originally appeared on Contemplating the Creative Spirit on July 12, 2009.