We see a steady stream of news stories about data breaches that result in damage to company reputations, impact to share valuation, cost to implement new security measures and in many cases fines and/or penalties to cover the cost of associated fraud. In the payments and security world, we tend to focus on the IT side and how to guide businesses to make good decisions to help them implement a strategy that will result in the appropriate corrective action. We know corporations can follow good security practices to protect data and prevent fraud, but what about consumers? There are several easy security tips businesses can use to advise consumers on how to protect themselves. Not everything is bulletproof especially when it comes to security but taking some steps is certainly better than doing nothing.
Passwords and Credentials
We’ve all heard it before: don’t use the same insecure password and don’t stay logged into apps and websites, especially those that could be used to make unauthorized purchases. We all know this is what we should be doing, but how many of us follow this guideline? Do you really log in to Amazon or Uber Eats whenever you want to place an order?
Strong passwords are easy to use. Just come up with something you will remember that has upper and lower case letters, a number and a special character. One way to add additional complexity and create a unique password for each service is to add the first X letters of the site/app name either to the beginning or end of your password.
To customize a password for Uber in this way, the password “D0ge!over” would become “D0ge!overUbe”.
Your password should also change regularly, so schedule a quarterly reminder to do so.
If you’re going to stay logged into apps or websites, set a screen lockout on your laptop and cell phone so you must enter a password or code to access the device. Another step a consumer can take to protect their credentials is to use different email addresses for different types of accounts. This way, your IG login uses a different email address than your banking app.
Two-party Authentication and Notification Alerts
Today, many apps and websites support two-party authentication and notification alerts for improved security. Often, these features must (and should) be enabled by the consumer in the account security or privacy settings. Most of us are familiar with two-party authentication because we have been required to enter a code received via text or email to create a new account. Notification alerts are typically sent when a new device is added or when an account credential like an email address is changed.
Many consumers are unaware that their bank may be able to send notification alerts for any new charges on debit or credit card accounts. It might be a bit annoying to get a text or email every time a card is used until you get an alert for a charge you don’t recognize.
Credit Monitoring and (Fee-Free) Credit Freezing
For consumers that want to go the extra mile, several services can be used to monitor their credit, such as LifeLock or the three credit monitoring bureaus. In addition to monitoring, credit freezes prevent new lines of credit from being opened in your name.
Credit freezes can take a few days to go in effect and will prevent companies from opening new lines of credit for identity thieves or the consumer, so don’t forget to unfreeze your credit before applying for a mortgage or car loan.
As of September 21st, 2018, a new federal law will require the three credit bureaus to provide free credit freezes and fraud alerts to consumers including children (in many states). Since children are popular targets for identity thieves, freezing their credit and setting up fraud alerts now may help them later in life. ‘Krebs on Security’ has a great article with a deep dive on credit freezing that is worth reading and includes links to the three credit bureaus to sign up for those fee-free credit freezes and fraud alerts. For even more information, the Consumer Financial Protection Bureau (CFPB) has a list of consumer reporting companies and explains and how to get free (and paid) reports from credit monitoring and employment screening to gaming (as in casinos, not Fortnite).
For further discussion, contact Sean at firstname.lastname@example.org.