U.S. Secret Service...U.S. Secret Service u.s. department of Homeland security The USSS was...

U.S. Secret Service

u.s. department of Homeland security

Michael Phillips

Special agent

Greenville Resident OFFICE

U.S. Secret Serviceu.s. department of Homeland security

The USSS was originally created in 1865 as a branch of the

U.S. Treasury Department to combat the counterfeiting of

U.S. currency - a serious problem at the time. In fact,

following the Civil War, it was estimated that one-third to

one-half of the currency in circulation was counterfeit.


Identity Theft / Fraud Offenses :

➢ Title 18 USC 471 - Manufacturing of Counterfeit U.S. Currency

➢ Title 18 USC 510 - Theft/Forgery of U.S. Treasury Checks

➢ Title 18 USC 513 - Counterfeiting/Forgery of Private Securities, i.e. traveler’s

checks, cashier’s checks, corporate checks, etc

➢ Title 18 USC 514 - Fictitious Instruments, i.e. Comptroller’s Warrants, Certified

Banker’s Checks, Philippine Victory Notes, etc.

➢ Title 18 USC 1028 - False ID, Identity Theft

➢ Title 18 USC 1029 - Access Device Fraud

➢ Title 18 USC 1030 - Computer Fraud

➢ Title 18 USC 1343 - Wire Fraud

➢ Title 18 USC 1344 - Bank Fraud


What Are Identity Theft and Identity Fraud?

“But he that filches from me my good name / Robs me of that

which not enriches him / And makes me poor indeed.”

(Shakespeare, Othello, act iii. Sc. 3.)

The short answer is that identity theft is a crime. Identity theft

and identity fraud are terms used to refer to all types of crime in

which someone wrongfully obtains and uses another person's

personal data in some way that involves fraud or deception,

typically for economic gain.

Source: Department of Justice


The DefinitionIdentity Theft is when a thief assumes someone’s identity by using personal

information, such as his/her name, social security number, and date ofbirth to do the following in the name of the victim:

• Buy motor vehicles• Open credit accounts, including utilities and cell phones• False funding of Deposit accounts with credit cards attached• Rent apartments or buy homes

Leaving the victim with the bills and a damaged credit history file

Account Takeover (of existing accounts)Through fake ID and/or access to passwords and personal particulars

Assumes control over someone else’s financial accounts

Identity Theft is notUsing someone else’s credit card number to buy

• goods and services • Over the internet• By phone or mail order

This is fraudulent use of their account


Identity Theft and Fraudulent-use-of-accountsDistinction is important because they have different causes and different remedies

ID TheftCause

• Compromise or giving away of sensitive identity information enabling the thief to pose as the real person (victim)

Remedy• Tighter control of information distribution (customer)• Security of customer data (internal from data breach)• Improved customer verification prior to new account opening

Fraudulent Use of AccountCause

• Compromise of CC data stored on merchant, retailer’s and paymentprocessor databases

Prevention• Check your CC usage on line.• Auto alerts


2014 Statistics:

➢ 1 in 14 Americans was the victim of identity theft.

➢ 17.6 million people over the age of 16.

➢ 1 million more people than in 2012.

Source: Bureau of Justice Statistics (BJS) – Victims of Identity Theft, 2014


2014 Statistics:

➢ The most common type of identity theft reported was

“unauthorized misuse or attempted misuse” of existing bank

accounts – approximately 8.1 million victims.

➢ 45% of victims found out about the fraudulent incident when

contacted by their financial institution.

➢ Fraudulent use of a credit card accounted for 8.6 million

victims.



2014 Statistics:

➢ 14% of victims suffered an out-of-pocket loss of $1 or more.

➢ About half of those suffered losses of $99 or less.

➢ 14% of victims suffered an out-of-pocket loss of more than

$1000.00.

➢ Most victims were able to resolve any problems associated

with the incident in a day or less.

➢ About 9% of victims spent more than a month trying to

resolve the issue.



2014 Statistics:

➢ 9.2 million women victims vs. 8.3 million men.

➢ Elderly victims (65 and older) increased by more than

500,000 from 2012.

➢ People with incomes of $75,000 or more, were the most likely

to be the victims of financial fraud (disposable income?).



2014 Statistics:

➢ Only 1 in 10 people went to law enforcement for help.

➢ 87% of people contacted their bank or credit card company.

➢ 85% of people in general claimed to have taken some action

towards preventing identity theft, including checking credit

reports, shredding personal documents, or changing

passwords.



Types of Fraud / Identity Theft:

➢ Skimming

➢ Data Breach

➢ Investment Scam

➢ “419” Scam

➢ IRS tax fraud


What is Skimming?

The copying of electronically transmitted full track data on the magnetic strip of a credit card, to enable valid electronic payment authorization to occur between a merchant and the issuing financial institution.

Track data otherwise known as a “DUMP”


Skimming•The equipment is available over the Internet

• The software and hardware are very user friendly and extremely

mobile

• The skimmed information can be transmitted via e-mail anywhere in

the world within hours after it is skimmed

• Cardholders are not aware that they have been victimized until they

receive statements showing the fraudulent charges


SkimmingCommon Skimming Locations

• Restaurants• Hotels• Gas Stations (affixed to pumps)• ATMs (affixed to machine)

Why are these locations so popular?• Heavy customer volume• Credit card is common payment method• Multiple employees (difficult to identify suspect)• Employee turnover (co-conspirators easy to recruit / emplace) • Covertly placed (gas pumps and ATMs


Skimming

Credit Card Number

& Name

CVC

Discretionary

Information embedded within Information embedded within

Credit Card TracksCredit Card Tracks

Skimmers Capture all 3 Tracks of Information


Skimming


ATM Skimming


Gas Skimming


Gas Skimming•The advent of wireless technology has led to passive wireless

skimming, where perpetrators plant skimming devices that

broadcast account information wirelessly in gas pumps, ATMs,

and point of sale terminals.

•These devices minimize physical interaction with the

skimming device, increasing the odds that the skimmer will

operate undetected.

•Even if a wireless skimmer is found, it can be difficult to

identify its owners


Data Breach -Current TrendsHackers are attacking:

Brick-and-mortar merchants

Issuers

E-commerce merchants

Processors and Agents

Hackers are looking for:

Software that stores sensitive cardholder data

Personal information to perpetrate identity theft

Track data and payment account numbers

PINs

Malware customized to steal cardholder data


Insecure Systems • Not installing critical patches

• Unused ports open

• Default passwords

• No anti-virus

• Remote desktop clients

• No password expiration

• Insufficient Account Maintenance

Human Vulnerabilities• Non-complex Passwords

• Same password across multiple systems

• Common shared password and Admin accounts

• Email and attachments from unknown individuals

• Social Engineering

Data Breaches


Questions?


How can you tell when someone has stolen your

information:

➢ Unexplained withdrawals or charges to accounts.

➢ You unexpectedly stop/start receiving bills or other mail.

➢ You start receiving calls/visits from debt collectors about

debts that you don’t have.

➢ Unfamiliar accounts appear on your credit report.

➢ Your bank account is over-drafted when you know there were

sufficient funds.


Prevention:

➢ Do not wire money to someone whom you have never met in

person. Craigslist; Grandchild arrest; Power shut off

➢ Don’t respond to messages that ask for your personal or

financial information.

➢ Don’t play a foreign lottery.

➢ Don’t agree to deposit or cash a check for someone you don’t

know.

Source: Federal Trade Commission – “10 Things You Can Do to Avoid Fraud”


Prevention:

➢ Read your bills and monthly statements regularly….and then

shred any paper documents you no longer need.

➢ Donate to established charities, rather than those that have

sprung up overnight.

➢ Review your credit reports regularly at

www.annualcreditreport.com for free.

➢ If an offer sounds too good to be true….it probably is.

Source: Federal Trade Commission – “10 Things You Can Do to Avoid Fraud”


What to do if you are a VICTIM:

1. Call the companies where the fraud occurred.

2. Place a fraud alert on your credit report and get a copy.

(Trans Union, Experian, Equifax)

3. Report the incident to the Federal Trade Commission.

4. File a report with your local police department.

Source: IdentityTheft.gov



➢ Close new accounts opened in your name.

➢ Work with the credit bureau to correct your report.

➢ Consider having an extended fraud alert or credit freeze.

➢ If applicable: report misuse of SSN, resolve tax issues,

replace government issued IDs, clear your name of any

criminal charges.

Source: IdentityTheft.gov



➢ Document all telephone calls, letters, and contact with the

people and companies you speak with to resolve your dispute.

➢ Keep all supporting documentation in a very organized file.

➢ Visit: www.Consumer.ftc.gov and www.identitytheft.gov.


Create an Identity Theft Report:

1. Submit a complaint about the incident to the FTC via the

website and print as an Identity Theft Affidavit.

2. File a police report about the incident, provide the PD with

the FTC Affidavit, and get a copy of the police report.

3. Keep the Affidavit and police report together to present to

any companies that you need to deal with to resolve the

issue.


Best Practices for Personal Computing Security

Migrate to a modern operating system

Windows 7 or Windows 8

Mac OS X Lion

Enable the recommended security settings such as automatic updates and

the firewall

Utilize a second stand alone computer for use when interacting with

financial institutions.


Authentication

Use security questions that no one else would know or find from Internet

searches

Consider providing a false answer to a security question to prevent an

attacker from leveraging personal information


Online Safety

Use of Social Networking Sites

• Avoid posting personal information on social networking sites

• Opt out of displaying personal information

• Review security and privacy

Email Best Practices

• Use different usernames for work and personal email addresses

• Do not set out-of-office messages

• Do not answer unsolicited messages


Photo/GPS Integration

• Do not post photographs from phones and point-and-shoot cameras that

embed the GPS coordinates for a particular location

• Commercial tools can be used to remove these coordinates

Social engineering

• No legitimate organization will request usernames and passwords via email

or telephonically

• Do not click on hyperlinks in unsolicited emails

• Do not click on hyperlinks from forwarded emails even from known

individuals

Online Safety


Online Safety

• Keep operating system and applications up to date

• Use an anti-virus application

• Do not open email attachments from unsolicited email

messages

• Do not download and install applications from un-trusted web

sites


Questions?


Michael Phillips

Special Agent

U.S. Secret Service

Greenville Resident Office

864-233-1490

[email protected]

U.S. Secret Service...U.S. Secret Service u.s. department of Homeland security The USSS was...

Documents

Transcript of U.S. Secret Service...U.S. Secret Service u.s. department of Homeland security The USSS was...