U.S. Secret Service
U.S. Department of Homeland Security
Michael Phillips
Special Agent
Greenville Resident Office
The USSS was originally created in 1865 as a branch of the
U.S. Treasury Department to combat the counterfeiting of
U.S. currency - a serious problem at the time. In fact,
following the Civil War, it was estimated that one-third to
one-half of the currency in circulation was counterfeit.
Identity Theft / Fraud Offenses:
➢ Title 18 USC 471 - Manufacturing of Counterfeit U.S. Currency
➢ Title 18 USC 510 - Theft/Forgery of U.S. Treasury Checks
➢ Title 18 USC 513 - Counterfeiting/Forgery of Private Securities, i.e. traveler’s
checks, cashier’s checks, corporate checks, etc.
➢ Title 18 USC 514 - Fictitious Instruments, i.e. Comptroller’s Warrants, Certified
Banker’s Checks, Philippine Victory Notes, etc.
➢ Title 18 USC 1028 - False ID, Identity Theft
➢ Title 18 USC 1029 - Access Device Fraud
➢ Title 18 USC 1030 - Computer Fraud
➢ Title 18 USC 1343 - Wire Fraud
➢ Title 18 USC 1344 - Bank Fraud
What Are Identity Theft and Identity Fraud?
“But he that filches from me my good name / Robs me of that
which not enriches him / And makes me poor indeed.”
(Shakespeare, Othello, act iii. Sc. 3.)
The short answer is that identity theft is a crime. Identity theft
and identity fraud are terms used to refer to all types of crime in
which someone wrongfully obtains and uses another person's
personal data in some way that involves fraud or deception,
typically for economic gain.
Source: Department of Justice
The Definition
Identity Theft is when a thief assumes someone’s identity by using personal information, such as his/her name, social security number, and date of birth to do the following in the name of the victim:
• Buy motor vehicles
• Open credit accounts, including utilities and cell phones
• False funding of Deposit accounts with credit cards attached
• Rent apartments or buy homes
Leaving the victim with the bills and a damaged credit history file
Account Takeover (of existing accounts)
Through fake ID and/or access to passwords and personal particulars
Assumes control over someone else’s financial accounts
Identity Theft is not
Using someone else’s credit card number to buy goods and services
• Over the internet
• By phone or mail order
This is fraudulent use of their account
Identity Theft and Fraudulent-use-of-accounts
Distinction is important because they have different causes and different remedies
ID Theft
Cause
• Compromise or giving away of sensitive identity information enabling the thief to pose as the real person (victim)
Remedy
• Tighter control of information distribution (customer)
• Security of customer data (internal from data breach)
• Improved customer verification prior to new account opening
Fraudulent Use of Account
Cause
• Compromise of CC data stored on merchant, retailer’s and payment processor databases
Prevention
• Check your CC usage online.
• Auto alerts
2014 Statistics:
➢ 1 in 14 Americans was the victim of identity theft.
➢ 17.6 million people over the age of 16.
➢ 1 million more people than in 2012.
Source: Bureau of Justice Statistics (BJS) – Victims of Identity Theft, 2014
2014 Statistics:
➢ The most common type of identity theft reported was
“unauthorized misuse or attempted misuse” of existing bank
accounts – approximately 8.1 million victims.
➢ 45% of victims found out about the fraudulent incident when
contacted by their financial institution.
➢ Fraudulent use of a credit card accounted for 8.6 million
victims.
Source: Bureau of Justice Statistics (BJS) – Victims of Identity Theft, 2014
2014 Statistics:
➢ 14% of victims suffered an out-of-pocket loss of $1 or more.
➢ About half of those suffered losses of $99 or less.
➢ 14% of victims suffered an out-of-pocket loss of more than
$1000.00.
➢ Most victims were able to resolve any problems associated
with the incident in a day or less.
➢ About 9% of victims spent more than a month trying to
resolve the issue.
Source: Bureau of Justice Statistics (BJS) – Victims of Identity Theft, 2014
2014 Statistics:
➢ 9.2 million women victims vs. 8.3 million men.
➢ Elderly victims (65 and older) increased by more than
500,000 from 2012.
➢ People with incomes of $75,000 or more, were the most likely
to be the victims of financial fraud (disposable income?).
Source: Bureau of Justice Statistics (BJS) – Victims of Identity Theft, 2014
2014 Statistics:
➢ Only 1 in 10 people went to law enforcement for help.
➢ 87% of people contacted their bank or credit card company.
➢ 85% of people in general claimed to have taken some action
towards preventing identity theft, including checking credit
reports, shredding personal documents, or changing
passwords.
Source: Bureau of Justice Statistics (BJS) – Victims of Identity Theft, 2014
Types of Fraud / Identity Theft:
➢ Skimming
➢ Data Breach
➢ Investment Scam
➢ “419” Scam
➢ IRS tax fraud
What is Skimming?
The copying of electronically transmitted full track data on the magnetic strip of a credit card, to enable valid electronic payment authorization to occur between a merchant and the issuing financial institution.
Track data otherwise known as a “DUMP”
Skimming
• The equipment is available over the Internet
• The software and hardware are very user friendly and extremely
mobile
• The skimmed information can be transmitted via e-mail anywhere in
the world within hours after it is skimmed
• Cardholders are not aware that they have been victimized until they
receive statements showing the fraudulent charges
Skimming
Common Skimming Locations
• Restaurants
• Hotels
• Gas Stations (affixed to pumps)
• ATMs (affixed to machine)
Why are these locations so popular?
• Heavy customer volume
• Credit card is common payment method
• Multiple employees (difficult to identify suspect)
• Employee turnover (co-conspirators easy to recruit / emplace)
• Covertly placed (gas pumps and ATMs)
Skimming
[Figure: Information embedded within credit card tracks, labeled: credit card number & name, CVC, discretionary]
Skimmers Capture all 3 Tracks of Information
[Image slides: Skimming; ATM Skimming (three slides); Gas Skimming]
Gas Skimming
• The advent of wireless technology has led to passive wireless
skimming, where perpetrators plant skimming devices that
broadcast account information wirelessly in gas pumps, ATMs,
and point of sale terminals.
• These devices minimize physical interaction with the
skimming device, increasing the odds that the skimmer will
operate undetected.
• Even if a wireless skimmer is found, it can be difficult to
identify its owners.
Data Breach - Current Trends
Hackers are attacking:
Brick-and-mortar merchants
Issuers
E-commerce merchants
Processors and Agents
Hackers are looking for:
Software that stores sensitive cardholder data
Personal information to perpetrate identity theft
Track data and payment account numbers
PINs
Malware customized to steal cardholder data
Data Breaches
Insecure Systems
• Not installing critical patches
• Unused ports open
• Default passwords
• No anti-virus
• Remote desktop clients
• No password expiration
• Insufficient Account Maintenance
Human Vulnerabilities
• Non-complex Passwords
• Same password across multiple systems
• Common shared password and Admin accounts
• Email and attachments from unknown individuals
• Social Engineering
Questions?
How can you tell when someone has stolen your
information:
➢ Unexplained withdrawals or charges to accounts.
➢ You unexpectedly stop/start receiving bills or other mail.
➢ You start receiving calls/visits from debt collectors about
debts that you don’t have.
➢ Unfamiliar accounts appear on your credit report.
➢ Your bank account is over-drafted when you know there were
sufficient funds.
Prevention:
➢ Do not wire money to someone whom you have never met in
person. Craigslist; Grandchild arrest; Power shut off
➢ Don’t respond to messages that ask for your personal or
financial information.
➢ Don’t play a foreign lottery.
➢ Don’t agree to deposit or cash a check for someone you don’t
know.
Source: Federal Trade Commission – “10 Things You Can Do to Avoid Fraud”
Prevention:
➢ Read your bills and monthly statements regularly….and then
shred any paper documents you no longer need.
➢ Donate to established charities, rather than those that have
sprung up overnight.
➢ Review your credit reports regularly at
www.annualcreditreport.com for free.
➢ If an offer sounds too good to be true….it probably is.
Source: Federal Trade Commission – “10 Things You Can Do to Avoid Fraud”
What to do if you are a VICTIM:
1. Call the companies where the fraud occurred.
2. Place a fraud alert on your credit report and get a copy.
(TransUnion, Experian, Equifax)
3. Report the incident to the Federal Trade Commission.
4. File a report with your local police department.
Source: IdentityTheft.gov
What to do if you are a VICTIM:
➢ Close new accounts opened in your name.
➢ Work with the credit bureau to correct your report.
➢ Consider having an extended fraud alert or credit freeze.
➢ If applicable: report misuse of SSN, resolve tax issues,
replace government issued IDs, clear your name of any
criminal charges.
Source: IdentityTheft.gov
What to do if you are a VICTIM:
➢ Document all telephone calls, letters, and contact with the
people and companies you speak with to resolve your dispute.
➢ Keep all supporting documentation in a very organized file.
➢ Visit: www.Consumer.ftc.gov and www.identitytheft.gov.
Create an Identity Theft Report:
1. Submit a complaint about the incident to the FTC via the
website and print as an Identity Theft Affidavit.
2. File a police report about the incident, provide the PD with
the FTC Affidavit, and get a copy of the police report.
3. Keep the Affidavit and police report together to present to
any companies that you need to deal with to resolve the
issue.
Best Practices for Personal Computing Security
Migrate to a modern operating system
Windows 7 or Windows 8
Mac OS X Lion
Enable the recommended security settings such as automatic updates and
the firewall
Utilize a second stand alone computer for use when interacting with
financial institutions.
Authentication
Use security questions that no one else would know or find from Internet
searches
Consider providing a false answer to a security question to prevent an
attacker from leveraging personal information
Online Safety
Use of Social Networking Sites
• Avoid posting personal information on social networking sites
• Opt out of displaying personal information
• Review security and privacy
Email Best Practices
• Use different usernames for work and personal email addresses
• Do not set out-of-office messages
• Do not answer unsolicited messages
Online Safety
Photo/GPS Integration
• Do not post photographs from phones and point-and-shoot cameras that
embed the GPS coordinates for a particular location
• Commercial tools can be used to remove these coordinates
Social engineering
• No legitimate organization will request usernames and passwords via email
or telephonically
• Do not click on hyperlinks in unsolicited emails
• Do not click on hyperlinks from forwarded emails even from known
individuals
Online Safety
• Keep operating system and applications up to date
• Use an anti-virus application
• Do not open email attachments from unsolicited email
messages
• Do not download and install applications from un-trusted web
sites
Questions?
Michael Phillips
Special Agent
U.S. Secret Service
Greenville Resident Office
864-233-1490