Tuesday, October 17, 2017

“Real” ID


The other day I jumped in a friend’s car for a quick errand. Doing the quick pocket check I noticed that all I had was my cell phone. Oh well, where we were going didn’t require the need for money or identification. If I did need money I could probably use the mobile pay feature. The thought did cross my mind though,  “What if I needed to identify myself to authorities”? Would security officers or the police accept the personal contact card on my phone as my identity?

Without a government issued ID isn’t your phone just like a wallet full of credit, library, reward cards, etc.? Lots of stuff with your name on it but no official identification. For the most part I doubt any police officer would accept information about you on a phone in your possession as a positive ID. They’d probably take it into consideration and just do it old school. Get all of the pertinent details and run a computer check to verify your identity.

Driver’s licenses as ID

When automobiles started roaming the countryside they and their operators were unregistered. In 1901 New York was the first state to require automobiles to be registered. Many states followed suit and required licenses for autos but not the drivers. Massachusetts and Missouri required the first personal U.S. driver’s licenses in 1903. Since that time driver’s licenses have been used not only as an affirmation that the state approved the holder to operate an automobile, but also as a form of personal identification.
Since the U.S. has no national identification cards, the driver’s license has filled that void.

Digital driver’s licenses, to be displayed on phones, are being considered in several states, Maryland being one of those. Security and privacy issues are at the forefront of these considerations. In the Apple v FBI standoff we saw how difficult it is for law enforcement to unlock and/or view information on a persons phone. So until your state adopts a digital driver’s license using your phone to identify yourself probably wouldn’t be taken as official.

Security? Using your phone probably a definite no, as you need a government issued photo ID to get in to facilities and to travel. Airlines accept digital boarding passes when backed by government issued photo DI’s. Even your standard driver’s license is changing. To combat fraud and counterfeits states have been updating licenses and the way they are issued. Although many states took up the license issue themselves, Congress ensured that all states would have to get on board passing the REAL ID Act in 2005.

REAL ID Act

The REAL ID Act set the benchmark for personal forms of identification establishing minimum security standards for driver’s license issuance and production. Further, the act prohibited federal agencies like the TSA from accepting driver’s licenses from states that do not meet the standards. The deadline set by the act is January 22, 2018. After that date residents of all states will need a Real ID Act compliant driver’s license or a passport to pass through airport security.

The act requires that driver’s licenses include all the identification features you would assume but also digital photographs, physical security features that prevent tampering or counterfeiting, and machine readable technology (barcodes/magnetic stripers). As the concept of digital driver’s licenses is being studied, the effective date of the REAL ID Act in 2018 will either extend or quash those studies.

List of REAL ID compliant states can be found on the Department of Homeland Security page, REAL-ID 

While you could probably identify yourself with the contents of your phone it is doubtful you’d get through a serious police encounter. You certainly couldn’t board an airplane. Probably better to add “license” to your pocket checklist.

Read the blog archives for another post about personal identification.
Can I see some ID? February 2014

Monday, October 2, 2017

Backup Safety


There was another report of a family member backing up in the driveway, running over, and killing their own child. When a parent loses a child the pain must be unfathomable. To be the cause through an accident is beyond imagination.

The child safety advocacy KidsandCars.org reports that over fifty children are backed over every week in the U.S., resulting in an average 232 fatalities. In 70% of the incidents a parent or close relative is the driver.

When learning to drive we were taught a safety checklist before turning the key. Over the years we become hurried, preoccupied, complacent. We drive the same cars every day. The seat and mirrors are always in the same place. Just start and go. Years of driving experience and familiarity with our surroundings blind us to what is right in front of us. Or behind. The safety checks become forgotten- second nature. Just like you can obscure a motorcycle with your thumb, KidsandCars.org has an interesting example of thirty children standing and sitting behind a SUV-All out of the view of the driver.

Children playing behind vehicles have no idea of the dangers. Bigger SUV’s and trucks that have high clearances can create a welcoming, shady, private area for a child to play. Electric and hybrid vehicles exacerbate the hazards, as they create little to no sound.

Children being left in cars are yet another issue that is increasingly in the news. Sometimes it is forgetfulness. Some are purposeful in the sense, “It’s only for a minute”. If casinos are nearby the chances go up. Maryland covers approximately 12,400 square miles with a population of about six million, with six casinos spread throughout the State. According to a March 2017 Baltimore Sun article, Gamblers leave their kids in cars almost everywhere there are casinos, Kidsandcars.org have chronicled more than 300 cases of child abandonment at casinos nationwide since 2000. There have been fourteen incidents of children abandoned outside casinos in Maryland over the last two years.

As responsible adults we need to stop and review our driving habits and preparations. It takes less than a second to check behind your vehicle before getting in. Checking the surrounding area and the interior before getting in the car should be part of a personal security/safety check anyway.


Simple changes to our routines, education and awareness, go a long way. They may literally save a young life.

Monday, September 18, 2017

Is your business ready for wild weather?


FEMA Photo library-Liz Roll

Note: This post was originally published in 2012 and has been updated with current information.

The last two weeks Mother Nature has unleashed her fury on the southern U.S. and eastern Mexico with three hurricanes and a major earthquake. As of this posting, two more hurricanes have the potential to strike the Eastern seaboard. Millions have lost homes and businesses. Between hurricanes Harvey and Irma everyone seemed to know at least one person, if not more, directly affected by the storms. Our prayers continue to be uplifted.

When this particular post was written in 2012 the Mid Atlantic was preparing for another storm as we patiently watched the track of hurricane Sandy. While Sandy made more of an impact farther north, the Mid-Atlantic region had experienced some past wild weather. There were three blizzards in one winter, two back to back. In 2011, there were back to back tropical storms. In 2012, we experienced a derecho storm. A derecho type of storm and the name itself being new to the area. Going back to 2003 we all remember the massive flooding associated with Isabel. All of these weather events caused power outages, some for several days or a week plus. 

Getting back to business

In 2012, as now, you see businesses staying open as long as possible to service their communities. After the storm they open as quickly as possible to resume operations. Sometimes a business is lost. In addition to ensuring that their family and homes are safe, small business owners must also protect their businesses, which in many cases are their livelihoods.

We become so accustomed to having electricity we forget all that is electric dependent, e.g.-gas pumps, ATMs, cash registers and credit card machines to list a few. We also become complacent as to how dependent our businesses are to electricity.

Power outages are reported in number of customers without power, not business loss. So there is not one source to determine how small businesses suffer. There are few businesses that can operate without power. Depending on your product you may be able to conduct some business with cash transactions. In the current economic climate any business loss is crucial. Add to that the possibility of losing inventory due to damage or loss of refrigeration and small businesses can really be hurt.

Preparation for business restoration

No different than a home, business owners should prepare for storms and power outages. The logistics of preparing your business for a storm and the loss of power after the storm can be complicated. Having a written plan of action can make the task easier. Take the lessons learned from past outages and make a simple outline. The adage of “being prepared” is true and can significantly reduce either your loss or time your business is down.

Depending on your location and the type of storm you may need to prepare your facility for flooding. This may include boarding windows, sandbagging, moving inventory and equipment. Your business has many unique facets that have to be examined when developing your plan. Here are a few operational items that should be considered.
  • Purchase generators or ensure generators are in place and operational.
  • Be prepared for cash transactions.
  • What type of telephone system do you use? Newer systems do not work without power or have limited hours battery backup.
  • What type of security do you have? As with the telephone system, security systems often have only limited hours backup. 
  • Backup computer business files. Sudden and/or prolonged power outages can result in data loss. When complete, store the files offsite. 
  • Review insurance policies and coverage’s annually with your provider. Update as necessary.
  • Make sure insurance and business documents are easy to locate and safe from harm.
  • In the winter, prepare for safe ways to provide heat to your business.  


The biggest mistake business owners can make is not heeding warnings and being caught off guard. We can all learn from the recent storms and past winters heavy snows. Having a recovery plan of action to protect your business assets may be the some of the cheapest insurance available.

Monday, September 11, 2017

Cleaning Up Your Online Presence


Ever been asked at checkout for your phone number? You haven’t been in the store for a long time, if ever by your recollection, but the clerk wants to know if you’re in the system. You provide a phone number and surprise surprise you are in there! Phone number, name, and address. It’s probably not a retail conspiracy to create a super database of shared data. What it does reveal is how our lives and personal data are intertwined within the world of information.

When information was written on paper there was less of it and it was more fragile. Tear it up, burn it, poof it’s gone. Carbon paper, mimeographs, and copy machines (Younger readers will have to look those up) changed that. Documents were being copied and filed in triplicate. Computers, of course, made it all easier but it wasn’t until the ol’ World Wide Web came along that hiding in plain sight became difficult.

In the old days it was easy to disappear. You simply moved to another town. Started using a new name and slowly built your new persona. As technology progressed information began being stored on computers. Those computers could be accessed for information stored about you, but only for the specific information the entity had stored. Once computers became connected one entity could access another’s information. Then they began sharing information between each other and saving the data locally. The more digitally involved you are the bigger your online presence. As young people enter adulthood they have little to no digital footprint in the context of financial databases. What they do have is a social footprint, more on that later.

Google yourself

Have you ever searched your name? If not, give it a try. You might be surprised what pops up or how many of you are out there. The more you are in the public eye the more information that is going to be out there and, thus, the harder to clean up your online presence. A regular Joe should have limited occurrences as the result of a search. But even regular Joe’s can have an online presence depending on their interaction with social sites and images associated to their name. And that is what you need to be controlled.

Information for sale

Think about the seed system of a watermelon. You can take out a portion from the middle, but there are going to be all those strands extending throughout the melon. That is how it is in the digital world. Things truly do live forever on the Internet. You can have a record expunged from a database, but any reference to or sharing of that record in other databases is going to give it new life. Data has become a big commodity. Everything is for sale on the Internet. Data is being collected on every interaction you have on the Internet. The data collected by brick and mortar businesses is sought after. Once government databases went online (real estate, court information, etc) information brokers snatched up this data. All of this information is bought and sold and resold. The original purveyor of the data may have deleted it but the new entity has it saved and published it their own way.

Everyone that has data is looking for revenue sources, especially governments. Data mining companies buy data from phone companies (landline and wireless) and the government (real property and court records). The information is legitimately offered for sale on the Internet through pay sites or resold. Ever get those mailings and wonder how Joe Realtor knows how long you’ve lived in your house and what you can sell it for?

Your Job image

Younger people may not be in databases for real estate or financial institutions but they are using social media and sharing the media. Even someone with little life experience will pop up in a simple Google search, most likely under images. This is what haunts the 20-somethings when they start their job searches. Over the last few years’ different surveys have revealed that 40% of college admission offices and 40% of HR professionals research social media regarding applicants. Staying aware of your online presence is especially import when trying for a job.

Cleaning up online presence

You’re first step should be stop the flow of information. Review and change your social media privacy settings. Remove information from online shopping and other accounts that are old or unnecessary.

Whether it’s the garage, the basement, or the Internet before starting any clean up job you have to assess the situation. Start by searching your name and then different variations with your name, town, occupation, and any other identifier that you feel has a strong attachment to your name. Would suggest using Google as it is the most powerful, but using other search engines wouldn’t hurt. You’ll probably get different results.

Make note of the sites in which you pop up and what they are referencing. Find the source of the material you want removed and contact the source directly. Many will want sound reasoning why the post/picture should be removed. May want to read the companies privacy statements before you make the call to know where you stand and/or how to make the request.

Even though the source removes the post once it has been shared it lives on in other sites. You’ll have to track the posts digital trail and contact those companies as well. The tedious part is finding every link that’s associated with your name and going through the process each time. As with any situation where you are fighting an issue Document Document Document. Keep copious notes of your efforts in case you need to prove your attempts later or make subsequent requests.

After all that you are still going to be able to “find yourself” on government public access sites like real property and courts. People search sites and phone number search sites sell the information you are trying to keep private. Matters of public record like newspaper articles in which you’ve been mentioned are going to pop up.

To get your name removed from marketing lists there are organizations that can help. Similar to the national do not call registry, these services allow consumers to opt of marketing offers. You would be adding your name to another database, which may be counterproductive to what you’re trying to accomplish, but it does keep marketers from contacting you. Maybe. Who knows if it really works?

One such service is run by the Direct Marketing Association and allows consumers to have their names and addresses removed from direct marketing mailing lists. There is a fee-$2 for 10 years if you register online. The site can be found at www.dmachoice.org. The second removes the consumer from credit card and insurance offers. The service is provided in a joint venture between Experian, Equifax, Innovis, and Transunion. The site can be found at www.optoutprescreen.com.

You won’t be able to eradicate everything. If you’re serious about removing yourself from the Internet you’ll have to have as much as possible redacted. The rest will have to get buried in the voluminous amount of data filling the Internet. The less that is out there the more specific the search will have to be to find you. Not gone but harder to find.

Your personal information may be in myriad retail databases but at least you can try to keep what others read about you to a minimum. You can’t just completely disappear but can clean up your online presence so that you’re not easily searched.


See our blog archive for more posts about online presence.

Monday, August 28, 2017

Ideologies in the workplace


Watching what unfolded in Charlottesville in mid August I noticed one of the protestors wearing clothing marked with the Verizon logo, their uniform. Later Verizon issued a statement stating that the company in no way supports the white supremacist groups or the hate and bigotry associated with the groups. It may be sometime, if at all, when we hear if this person was an actual employee and was disciplined or terminated. Obviously, this person, whether an employee or not, put Verizon in an awkward position.

Publicly representing the company for which one works does limit what an employee can do in their off duty hours. Some businesses have policies specifically stating that employees cannot express political views while representing the company. What the employee does off duty when not representing the company and whether the company can control these activities has come under court scrutiny. Most notably in the use of medical marijuana. (Smoke ‘em if you got ‘em {Marijuana in the workplace})

If an employee is wearing the company uniform and participating in activities that go against the company values the company may have legal precedent to terminate or discipline the employee. The question that came to mind is what if the employee keeps the off duty activity anonymous? They do not espouse their ideologies at work and is a solid employee/coworker. Somehow their off duty activities are exposed and now the workplace becomes a hostile environment. Are there grounds to terminate that otherwise productive employee?

What are employer’s rights?

Allen Smith, J.D., wrote an excellent article for the Society For Human Resource Management website, Can or Should Employers Fire Employees Who Participate in Hate Groups? Smith reinforces what I have found, that the answer is not clear. When what employees do off duty creeps into the workplace several legal precedents have to be considered before an employee can be fired. Allen Smith makes the following points.
No federal law is violated if a worker is fired for being a member of a hate group or verbally expresses beliefs. Courts have rejected KKK members claim of religious protection under Title VII of the Civil Rights Act of 1964. Freedom of speech protections under the First Amendment does not apply to private employers.
Most states are work at will states meaning that employees can be terminated for any lawful reason. California, Colorado, New York, and North Dakota have laws protecting workers against being discriminated against while participating in lawful activity outside of work. However, if it becomes known at work that an employee was participating off duty in a hate-based protest, an employer may choose to terminate. Basing their action on violations of non harassment policies.
When dealing with customers who are offended by an employee’s ideologies, businesses have to consider the impact on the business. If the person continues to be employed will that affect business? Or is firing the employee at the risk of being sued better for the company?

Human resource issues are not cut and dried. Even though similar issues may have arose in the past, each case must be examined on their own. Always contact an employment law attorney before making termination decisions.

Tuesday, August 22, 2017

Smoke 'em if you got 'em? {Marijuana in the workplace}


Florida recently passed a medical marijuana bill becoming the twenty-ninth state to do so. State by state the legalization of marijuana for medical purposes is gaining ground. Eight states have decriminalized marijuana, allowing recreational use. (Alaska, California, Maine, Massachusetts, Nevada, Oregon, and Washington) However, the drug still remains illegal under Federal law. In fact, it remains a schedule I drug alongside opiates and synthetics drugs. The court battles that were expected with the U.S. Justice department after Colorado legalized marijuana have not occurred. The chances of employees being high at work are definitely increasing. Businesses are scrambling to adapt.

A survey of 10,000 California cannabis users revealed 58% of working professionals use daily and 31% consume while working. (Eaze Insights) Some businesses not only allow the consumption of marijuana at work, they encourage it. Those that do say that it helps employees with stress and anxiety promoting longer work days and creativity. These businesses are mainly in the legal cannabis industry or tech fields.

What is at odds are company drug policies and making accommodations for those with disabilities. Companies want to be inclusive but want to maintain standards as well as workplace safety. Medical marijuana users are looking to the American Disabilities Act for protection.

American with Disabilities Act

The American with Disabilities Act  (ADA) was signed into law in 1990. Succinctly, the ADA prohibits employers from discriminating against those who are disabled and requires employers to provide reasonable accommodations to a qualified individual with a disability to perform the essential duties of their job. Illegal drug use is not covered as a disability. However, the ADA does allow for the use of drugs taken under the supervision of a health care professional. Marijuana may be legally prescribed under a state law but remains illegal Federally. Then there’s the Drug Free Workplace Act of 1988 requiring that Federal contractors provide drug free workplaces as a condition of receiving a contract.  The ADA states that employers can require employees to conform with the Drug Free Workplace Act. Further, under the ADA drug testing is not considered a medical examination, allowing employers to test for the use of illegal drugs.

With state law in conflict with Federal law regarding the legality of marijuana, tests of the ADA are definitely heading to the courts.

Court challenges

Rights of the employer and the employee vary state by state. As examples: Arizona, Connecticut, Illinois, Minnesota, and New York laws prohibit employers from discriminating against employees who use medical marijuana and must make accommodations, some further citing-unless the employee is under the influence at work. Florida’s recently passed law does not require an employer to accommodate on site medical marijuana use. California passed Proposition 64 in 2016, which allows for the recreational use of marijuana. However, the law protects an employer’s rights to enforce workplace drug policies. Rhode Island’s law protects the employer’s right against accommodations for on site consumption but protects the medical marijuana cardholder against hiring discrimination.

A 2017 Rhode Island court case ruled that employers could not refuse to hire medical marijuana cardholders even though the person would knowingly not pass the employer’s pre employment drug test required of all applicants. (Callaghan v Darlington Fabrics Corp., No. PC-2014-5680, Rhode Island Superior Court, May 23, 2017)

Another twist to the saga is the off site or off duty use of marijuana which may be legal in the specific state but against company policy. In one of the first court cases of off site medical marijuana use the Colorado Supreme Court heard the case of Coats v Dish Network in 2010. The court upheld the firing of a man who failed an employer random drug test for marijuana use. Briefly, in 2010, Dish Network fired a telephone operator who was also a medical marijuana patient after he failed a random drug test. Although the employee claimed that he never used marijuana at work nor was he ever impaired while at work. The case was the first to look at whether off duty marijuana use, legal under Colorado state law, is protected by Colorado’s Lawful Off Duty Activities Statute. The statute states that employers cannot fire employees for doing legal activities while not at work. Although medical marijuana use is legal in Colorado, the court ruled that its use is still illegal under Federal law. The ruling supported employer rights to enforce their drug policies. Since this case, courts in California, Oregon, and Washington have also ruled against employees.

The most recent case regarding this issue occurred in July 2017 and went against the employer. In Barbuto v Advantage Sales and Marketing, LLC the Supreme Judicial Court of Massachusetts ruled in favor of an employee to use medical marijuana outside of work. The employee claimed that since they have an ADA qualified disability (Crohn’s disease) the employer must make accommodations for employee to use medical marijuana off duty. The ruling was based on the state’s anti discrimination law. The court rejected the employer’s argument that marijuana is illegal under Federal law and to allow accommodations would be unreasonable.

Maryland

Maryland is still getting going on its version of medical marijuana. The law was passed in 2013 and took effect in 2016. However, there have been legal challenges to the dispensary licensing process that has slowed implementation. Maryland decriminalized possession of less than 10 grams of marijuana in 2014.  Marijuana is still considered illegal but possession of smaller amounts will result in a civil citation rather than arrest. Each year since there have been bills introduced to further decriminalize marijuana. In 2016, a law passed making possession of paraphernalia a civil offense. In 2017, those convicted of marijuana offenses may petition to have their records expunged.

What to do, what to do…

Confused? Don’t feel bad. It’s a tricky topic that is evolving almost monthly. Employer’s need to have hiring policies as well as policies to guide employees. These policies have to be living documents and open to change. Having employees and dealing with human resource issues is difficult, especially for small businesses. The rules are constantly changing. There will always be challenges to any policy or rule. You have to stay ahead of the curve and aware of what’s taking place.

See the blog archive for other posts regarding workplace discrimination and medical marijuana.
Which came first... February 2017
Ban the Box update August 2016



Tuesday, August 8, 2017

Skimmers


We’re not talking about water bugs, tools to clean your pool, or skipping rocks. These skimmers steal your financial identity. The news had reported that skimmers were discovered on a local gas station’s pumps. This particular station consistently has problems with pump maintenance and just the overall condition of the pumps seems to be “beat up”.  It was not a surprise that skimmers had been installed. Not that the owners had any involvement, but meaning that the owners/operators are not paying attention to the condition of the pumps. Or what is going on at the pumps. This station is also known to allow third party vendors to sell their goods on the lot and accost customers at the pumps. Big personal security peeve-Do not approach me while I’m using a gas pump or ATM. These little things add up and go back to not being surprised. The condition and environment of a business can be both a determent and invitation to criminals.

Not everyone may know exactly what a skimmer is or the extent of the problem. I thought some background might help us from becoming victims. A little education goes a long way.

Skimmers

So what are skimmers?  Credit card skimmers or skimmers are electronic devices that are attached to machines with credit card slots. Mostly ATM’s or gas pumps. The parasite device usually fits over top of the original slot so that the customer believes they are inserting their card into the machine’s card slot. When in reality the card is swiping through the criminal’s device. The device retrieves the credit card data from the magnetic strip and stores it until the criminal retrieves the device. Newer, more sophisticated devices attach internally to the machine’s card slot or transmit the data via Bluetooth.

Although criminals can make use of debit card information, it is much easier with the associated PIN. To gather this information there will also be a camera attached somewhere to video the customer entering the PIN on the keypad. Or a fake keypad accompanies the slot reader and records the keystrokes. Most times the operation of the machine is not affected. If the machine fails to work, you may have already become a victim.

History of skimmers

The idea of the use of credit card skimmers was mostly urban myth. In the late 1990’s, we were just getting use to personal computers, let alone tiny devices that could steal data from a magnetic strip. Nobody believed that such things existed or could work.

The skimmer myth also gained notoriety in restaurants. Wait staff would be issued a small skimming device to carry with them. They covertly slide the card through the device to collect the data from the magnetic strip on the way to cash register. The device holds all of the data until the end of the shift when they pass off device and are paid for their efforts. The victims then start seeing charges on their cards.

If you think about it, a restaurant is the only place you hand a stranger your credit card and let them walk out of sight.

Gizmodo.com featured a good 2014 article on skimming history, The Evolution of ATM Skimmers 

Here is a synopsis:
2002- A CBS report confirmed the existence of skimmers when they reported devices that could record the names, account numbers and other identifying information from credit card magnetic stripes.
2008-Naples Police Department investigated a rudimentary device jammed over an ATM's actual reader. The thief inserted a "micro camera" under a plastic sheet to capture the victims' keypad strokes. This was one of the first times a device had been recovered.
2009-Skimming really takes off as the devices, in different shapes and sizes began being discovered on ATM’s.
Over the next few years the technology progressed. The Internet allowed for distribution networks to manufacture devices and kits that were identical to the machine the criminal hoped to crack. 
            2011-ATM manufacturers began cracking down on skimming by installing anti-skimming devices on their machines. These consisted of translucent, circular casings over the card reader, which the criminals quickly learned to replicate.
2012-Skimmers become too small to be detected. Some being paper thin and inserted into the card slot.
2013-Gas pumps became targets.  A series of scams in Oklahoma saw thieves take home $400,000 from a chain of Murphy's gas stations before they were eventually caught. The thieves used a card skimmer and fake PIN pad overlay to obtain the necessary information. Even more eye opening, these skimmers used Bluetooth enabled devices that sucked power from the pumps themselves allowing them to run indefinitely, and allow remote access to the data. ; once it was installed, the thieves would never need touch the skimmer again.

How it works

The devices used come in all shapes and sizes. Most fit over the card slot. Some actually are big enough to replace the machine face. The closer to resembling the original card slot the less chance of being detected. Home 3D printers are making these deceptions a lot easier. As with everything else electronic, these devices are getting smaller everyday. Some skimming devices are so small and thin, they slide inside of the card slot itself. Newer devices attach to the internal wiring of the card slot. These are mostly used on gas pumps. How do criminals get inside the pumps you ask? Universal keys are available that open the pump faces exposing the card readers. The criminal will have one or more accomplices to block camera/attendant views while they install the device. Victims never know what hit them.

Once collected, the numbers are used in different ways depending on the criminal. Some are sold on the Internet for around $50 a piece (+/-).  Some criminals use the collected numbers to make counterfeit cards, which they use to purchase items, usually electronics, for resell. (Similar to Melissa McCarthy in the movie Identity Thief) The more advanced organizations use the cards to purchase gas. They drive around in specially outfitted passenger vehicles filling up covert gas tanks. This gas is then off loaded into tanker trucks and sold to less than scrupulous gas stations. 

There are thousands of iterations of card skimmers. If you’d like to see what they look like just search “credit card skimmers” in Google images.

Protection

Criminals and the technology they use are getting more sophisticated. The Internet provides enough intelligence that consumers can protect themselves. But criminals are sharing information as well. Once law enforcement or consumers defeat one strategy, criminals learn and improve their methods. So what can you can do.

Some gas stations are installing seals to cover the seams that hold the payment box. A broken seal is obvious, but multiple seals overlaid is a clue and, of course, enterprising thieves can replicate seals. Another clue can be the condition of the machine in which you are about to slide your card. If the payment box area is not maintained or appears to have been forced open, be wary. Inspect the card slot. Give it a tug. If anything is out of sorts or the slot comes off in your hand report it to the station and the police.

If your transaction attempt doesn’t work, don’t keep trying. Stop and perform an inspection. The skimmer may be causing a malfunction.

Some habits to get in to help protect your card security:
  • Use Pumps/ATMs near attendants. Less chance they were compromised.
  • Pay inside
  • Pause before you swipe, inspect car slot, look for security seal
  • Feel for difficulty inserting or sliding card
  • Wiggle slot housing. Don’t have to break it. Criminals aren’t going to install anything that takes time or is permanent
  • Check nearby pumps, compare slots for differences
  • Guard the card number
  • Use Apple/Samsung/Android pay whenever possible
  • Check accounts regularly

Any suspicions report to the business owner, the police, and the issuing bank.

This post focused mainly on gas pumps. Another area of concern is the new style parking meters that allow you to swipe at the meter. Seems like easy targets. Get back to you on those.

Please feel free to share. See the blog archive for more articles on personal security