“The most important weapon in your arsenal will be your ability to adapt.” - Batman (Bruce Wayne): Batman and Robin V1 #24
I LOVE to research things. Unfortunately, that constant drive to learn also results in a (perhaps not so) healthy level of paranoia. To that end, I take every precaution a security advisor can with their data while still functioning normally in an advanced society, much less a technical career. Because I also advise those in my life to do the same, I am the “go-to guy” whenever anything technical happens to them.
Recently, one of these situations occurred. Someone near to me (let’s call him Alfred) was following a common piece of guidance, “Frequently check online account statuses,” a few hours before taking his family on a multi-state road trip. Much to his surprise, he discovered 59 transactions with matching international fees, all under $3.00.
He contacted me, obviously upset and unsure of where to start in trying to resolve the situation. Because people are wired for fear, especially when something new and risky is happening, I knew that I needed to help Alfred redirect that energy into one question:
What is my plan to stop this activity and recover?
In answering this question, it’s important to keep in mind that every situation is different. The Dynamic Duo goes out to almost every encounter with a plan in place. But what happens when it isn’t just Killer Croc, but Catwoman shows up as well? The answer is:
Assess the situation and adapt.
There was enough money left in the account to cover the trip. However, the situation had changed and required a new attack plan. First, establish the baseline facts and initial thoughts.
- Fees were for small, international transactions to Uber
- No one else with access to the account conducted transactions
- Alfred’s Uber Account:
  - Was last used months ago
  - Is not linked to the debit card
  - Is linked to a PayPal account
  - PayPal DOES NOT have debit card information
- Where did PayPal get the debit card?
- Why are the charges international?
- Why are the charges so small?
- Why didn’t Uber or the bank detect this as fraud?
- What is the plan to stop this?
The first step was to contact the bank. Alfred had barely said the words “What are these transactions?” before the bank cancelled the card and put an extra fraud watch on the account. Progress, although he now doesn’t have a debit card for the trip. They also advised Alfred to call Uber and have the charges investigated and refunded.
Second step, contact Uber. This is not as easy as one might think. Because there is no way to contact them in person, Alfred filled out their webform to “Identify an unknown charge.” After several back and forth emails with their support (over the course of several days), they were able to determine Alfred’s debit card information was fraudulently on another account. It was removed and he was informed an investigation into the second account would follow. All charges would be refunded to… the cancelled card. Alfred called the bank back and, because he had contacted them first, they would credit the account. At this point, reclaiming the money from Uber was now in the hands of the Card Fraud department.
Finally, because of my “healthy paranoia,” I did one last thing for Alfred. I took a forensic image of the only computer Alfred believes he ran this card through for later investigation. No, most people won’t do this. While I had hoped the forensic image would point to a clue, to Alfred’s relief and my disappointment, there were no identified indicators of compromise on the system.
And better safe than sorry, taking a forensic image was followed by a format and reinstall of the OS and recovery from weekly backups. Fortunately, Alfred had followed another frequent piece of guidance, “Conduct frequent backups of all important files.” Automated weekly backups meant that very little was lost.
We never determined the source of the breach, but just stop for a moment and think about all of the places that your debit card goes, even if it isn’t being used. The reach of one’s data, even for the cautious among us, is incredible.
This situation could have been a lot worse. What if the bad actor was testing the card before a shopping spree over the weekend? About to walk up to an ATM? What if that was all the money Alfred had and it was now on hold with the bank, but he needed it to feed his family? Fortunately, guidance turned habitual action was faster than the automated methods in place.
Just as Bruce taught his son Damian (Robin, above) to adapt to the situation, we too must adapt our security to match changing conditions. Knowing that your debit card has been compromised can be a scary event. Taking the following actions can help minimize the potential cyber security risk and keep your finances secure:
- Use your card wisely. Avoid using it on websites you don’t trust and in physical locations that are infrequently monitored, such as gas stations. Be on the lookout for card skimmers at ATMs.
- Check your accounts for unauthorized charges or debits and continue monitoring your accounts.
- Report a suspicious charge or debit immediately.
- Cancel the card and have it replaced.
- Change your passwords and PIN numbers.
- Update and patch your computer’s security systems.
- Check your credit report. Sometimes hackers will use the information to steal your identity. This means that fraudulent charges may not show up on your card accounts because the bad actors have opened new accounts.
- Consider dropping the use of debit cards entirely. If you need to use a debit card, get one from an institution that has good processes in place for protecting you.
- Keep funds in several accounts so that if a card is cancelled, you still have access to your money.
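The account-monitoring advice above can be scripted against a statement export to catch the pattern from Alfred’s case: a burst of charges under $3.00 from one merchant, each with a matching international fee. This is an added example, not part of the original post; the CSV layout, fee wording, thresholds and function names are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import date, timedelta
from decimal import Decimal

# Constructed sample export; column names and fee wording are assumptions.
SAMPLE_CSV = """date,description,amount
2024-03-04,UBER TRIP 8F2K,-2.15
2024-03-04,INTL TRANSACTION FEE,-0.06
2024-03-04,UBER TRIP 91QD,-1.80
2024-03-04,INTL TRANSACTION FEE,-0.05
2024-03-05,COFFEE HOUSE,-2.75
2024-03-05,UBER TRIP 77AB,-2.90
2024-03-05,INTL TRANSACTION FEE,-0.09
2024-03-20,UBER TRIP 10ZZ,-23.40
"""

def load_rows(text):
    """Parse the export into (date, DESCRIPTION, absolute amount) tuples."""
    return [(date.fromisoformat(r["date"]), r["description"].upper(),
             abs(Decimal(r["amount"]))) for r in csv.DictReader(io.StringIO(text))]

def is_intl_fee(desc):
    return "INTL" in desc and "FEE" in desc

def find_micro_charge_bursts(rows, max_amount=Decimal("3.00"), min_count=3, window_days=7):
    """Flag merchants with a burst of small charges that each carry an intl fee."""
    by_merchant = defaultdict(list)
    for (day, desc, amount), (nxt_day, nxt_desc, _) in zip(rows, rows[1:]):
        # Assumption: the bank lists each fee directly after its charge.
        if (not is_intl_fee(desc) and amount < max_amount
                and is_intl_fee(nxt_desc) and nxt_day == day):
            by_merchant[desc.split()[0]].append((day, amount))  # first word = merchant
    alerts = []
    for merchant, hits in by_merchant.items():
        hits.sort()
        start, best = 0, []
        for end in range(len(hits)):  # sliding window over sorted dates
            while hits[end][0] - hits[start][0] > timedelta(days=window_days):
                start += 1
            if end - start + 1 > len(best):
                best = hits[start:end + 1]
        if len(best) >= min_count:
            alerts.append({"merchant": merchant, "count": len(best),
                           "total": sum(a for _, a in best), "first": best[0][0]})
    return alerts

if __name__ == "__main__":
    print(find_micro_charge_bursts(load_rows(SAMPLE_CSV)))
```

On the sample rows, the three small Uber charges are flagged, while the coffee purchase (no fee line) and the $23.40 ride (over the threshold) are ignored.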
Lastly, each of the major credit card providers (as well as many government and commercial sites) has a section on their site on what you can do to keep yourself secure. Start with the links provided below to gather and apply knowledge. Don’t take the easy checklist approach. Remain vigilant, constantly learn, and adapt to each situation to protect your (or your organization’s) data, money, and identity.
Links to get you started immediately: