Sunday, May 16, 2010

Don't use a debit card when dining out!

This Saturday, my husband got an e-mail from American Express, warning him of a fraud alert. It was a personalized e-mail, but fearing a phishing scam, he went to a trusted bookmark where he monitors our AMEX account (and my shopping habits!) and sure enough, in big red letters, was the announcement of a fraud alert. Someone attempted to buy an Apple iPhone and other smaller purchases using his account number. AMEX denied the purchase because the card numbers were keyed in manually.

In addition to American Express, we alternately use our Visa or MasterCard or a debit card which works directly from our checking account.

How did our AMEX number get loose? We carefully retraced our purchasing steps. We use AMEX exclusively for online purchases. We use our debit card at grocery stores or places where there is point of service swipes. Our credit cards rarely leave our possession.  Except when we dine out.

The week before last, we did just that. My husband and I enjoyed a meal at a well-known eatery in Rehoboth and a nice, young waitress, likely a college student, took our AMEX card to process our bill.  She was not a foreign student.

We can't accuse the eatery or the waitress. The breach could have occurred with any employee who has access to account numbers. But it got us thinking- the only time credit cards usually leave our possession is when I don't feel like cooking- which is a lot.

In those few seconds, a part-time, seasonal employee could run a paper and pencil impression, or easier still, take a quick image of our card with a cell phone. The person doing this may not be interested in using our card for purchases. Instead they can earn a few quick bucks selling a valid number to outside parties that do.

Fortunately, AMEX and other banks have excellent fraud and security departments. They sniffed the fraud out before it could even occur, and had it occurred, we would not have been held responsible.

But if we had used our debit card, cash funds could have been removed from our checking or savings account. Eventually, our bank would make good on it - most banks do- but it could be days or weeks before you regain access to your funds.

What can you do?

1. Do not use debit cards in restaurants. If that is where the funds are coming from, you are better off getting the cash from an ATM. If you can't use cash, at least use a credit card that offers 24-hour customer service and has a good reputation for customer protection and fraud detection.

2. Ask every restaurant manager you patronize to consider using customer point of service swipes. Convey your concern, and let them know you have been a victim of similar fraud in the past. The more an establishment's management hears these requests, the more likely they will consider changing their payment processing policies.

3. Know your financial institution's policies on fraud. What, if anything are you liable for? How long does it take to get a replacement card? How quickly will stolen money be put back in your account?

4. Notify an establishment if you feel there is a security leak. You can't accuse if you don't have proof, but you can share your suspicion and concern. For all you know, they may have had similar complaints which will tip them off to a serious staffing problem. Be polite, but share the information with management.

5. Notify your financial institutions ahead of time if you are traveling. Many banks have profiles, algorithms, etc. based on prior purchasing habits.  If they start seeing out of state or country activity, or an uptick in shopping patterns, they may question or block your purchases, which can be embarrassing.

6. Check your credit reports regularly. Annual Credit Report is the ONLY legitimate and free without any catch or additional fee service.

7. Be observant where and how you give out credit card information. Can you be overheard? Is the credit card leaving your possession? Make sure online sites are secure- look for https in the url (the added s indicates the site is secure).

Concerned about joining Facebook? Do so worry-free by following four simple steps!

Facebook has gotten a lot of bad press lately, and deservedly so. The chief criticism of Facebook is that it continually adds new features and automatically enrolls its members to accept them. Members find out about the changes through friends' warnings and blog and news reports.  Facebook members have to navigate what has been aptly called a "labyrinth" or maze of privacy settings to "opt out" and prevent their data, opinions or comments from being shared all over the Internet.

The blogosphere switchboards have been lighting up like August fireflies about Facebook. Simply Google "Facebook privacy concerns" and you will get all the background and prudent education you will need on the subject.

That being said, Facebook can be fun and safe if used wisely. There is one sure fire way to assure your Internet privacy and still use Facebook. Don't tell them who you really are!  Follow these steps when opening up a Facebook, or any Internet account, for that matter:

1. Adopt an Internet pen-name. Writers, artists and musicians do it all the time! This can be similar to your own name, especially if you want friends to find you. But change a letter, alter the spelling, or better still, use a "handle" or pseudonym. The Beatles were famous for this when they would play on friends' albums and wanted to do so to avoid contractual obligations. George Harrison became Hari Georgeson, George O'Hara, etc. So pick an Internet name and be consistent - stick with it.

2.  Create a new Date of Birth. Why on earth would you ever give out your real DOB to strangers on the Internet? There is just no excuse for this practice! Unless it is for legitimate, secure-site functions (https) like banking, filing local tax returns, etc., do not share your real DOB. Especially for social networking purposes! My gosh are you nuts? Facebook asks for your DOB and other information so that it can target ads to your particular demographic. I have an Internet birthday that I use all the time - anytime I am queried about it on the Web.  I am not interested in defrauding anyone. I don't advocate making oneself 10 years older or younger. Keep it close to the real thing,  but not the real thing, okay?  Just because Facebook asks doesn't mean they have to know and then share the real deal about your life! Believe me, they are not going to be checking what you provide against your state's bureau of vital statistics. Facebook is not the IRS- though they are probably reporting to it - or will be soon! Ha! Ooooh! Hmmm?

3. Be smart about secret questions and answers. Pick an incongruous phrase: "tomato popcorn" for instance, and use that phrase as your answer to ANY secret question you are prompted with when you open any Internet account. What was your first phone number? "tomato popcorn." What was your first car? "tomato popcorn." What is your pet's name? "tomato popcorn."  Get the idea?  The answers are text fields. You can put anything in them. Pick a phrase you will remember and use it for everything. It doesn't have to (and shouldn't by design) make any sense!! Make it something that no one could guess or associate you with- note "incongruous."  People are sharing the whazoo-out of their lives- their pictures, pets, vacations, family members- openly online. It wouldn't take a hacker very long to figure out the important keywords of your life - and try and guess your secret question to get access to your password. So muck it up a bit- be smart-and come up with an utterly ridiculous phrase as your answer to Internet secret life.

While you are at it, make sure your bank has your new secret answer. Think about it- when we write checks we are giving out our account number and bank. We share our real birthday and location of birth on Facebook- getting one's social security number is not that difficult today. Anybody could call up, pose as a forgetful you, get a new password to your online banking if they know your mother's maiden name. See the importance of the secret question and answer?

4. Create an anonymous e-mail and link that e-mail to your social networking sites. I like  because it is quick and easy and anonymous. Creating a new e-mail is very simple. Do not give out legitimate information. If you live in Newark, NJ, say you live in Princeton, NJ. Do not provide a verifying e-mail.  They ask but you don't have to provide one. Use your alter-ego Internet name and DOB. Pick a user name that is nothing like your real name. If your name is Wally Smith in real life, your e-mail should be something like:  THAT is the e-mail you give to Facebook when opening up an account!! is one of many very good free e-mail services. Gmail is another.

Okay, so you've opened up your Facebook account with your alternate name, e-mail and DOB. Now you don't have to be quite as careful when you share your likes and dislikes, where you work, how you believe, who you are related to and who you are sleeping with. If you are compelled to share this information- if your friends simply must know these facts about you, then at least it is not connected to the real you when Facebook shares it with the world because you forgot to uncheck some box. But the real reasons those questions are there is so that Facebook can target advertisements to you. Informing your friends of your favorite books and movies is a purely secondary benefit. Facebook is hoping that you are like most people- that you love talking about your favorite subject - you! In fact, they are banking on it- literally.

Because I work for a higher ed institution, and have a degree, and shared that on my profile, I get ads like this.
And please check your settings! It is indeed a labyrinth. Selecting "just friends" is not good enough. If your friends are playing games or are Application-happy (quizzes, polls, Farmville, various cosa nostra themed games)- then your data is linked to their use or misuse of privacy or good Internet judgment. Can you depend on them to walk through the privacy labyrinth and do the right thing? There are a lot of useful guides in the blogosphere and IT-friendly sites on exactly where you need check and look into regarding Facebook's privacy and sharing policies. Believe me, on Facebook it is pages deep and maze-like. All of Facebook's privacy settings are not neatly placed under "privacy settings." You must look on every tab of every section to adequately protect yourself.

I use Facebook for keeping in touch with my friends. I have family all over the continent. Thanks to Facebook, I have caught up with cousins and second cousins, shared the joy of new births, virtually traveled with friends to far off places, etc.  For me, the biggest Facebook benefit is photo sharing. But I have taken the time to review my settings- and therefore can enjoy Facebook safely and privately. You can too!